Asprox / Kuluoz Botnet Analysis

by Ayoub Faouzi
Oct. 8, 2017, INFOSEC Institute, Encryption & Authentication

Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It is known for sending masses of phishing emails in conjunction with social engineering lures (e.g. booking confirmations, postal-themed spam, etc.). This article presents a view of the malware and its capabilities, how it communicates with its CnC, the encryption schemes it uses, and the different protection mechanisms that make the malware analyst's job harder. It is also worth noting that Asprox issues commands instructing compromised computers to download and execute additional payloads provided by a pay-per-install (PPI) affiliate, from which the botnet operators earn revenue.