The Asprox botnet has come to life again.
It disappeared in the form I knew it right before Christmas.
I think the bird Phoenix arose today.
Here is what I get when trying one of their latest domains,
h||p://wmpd. ru/script. js:
Last-Modified: Mon, 19 Jan 2009 16:56:49 GMT
If that info can be trusted, my guess is that the botnet came to life today.
I have not put too much effort into checking, but most of the old JavaScript file names seem to be there: add.js, b.js, fgg.js, ngg.js, script.js etc.
What puzzles me a bit is that the latest name of the script, style.js, is missing from the setup, as this was used in the last round of SQL injections. Maybe it is only a question of time before it shows up.
The other JavaScript files seem to be identical regardless of the name, pointing to other domain names on the botnet, e.g. h||p://google-analitycs.mtno. ru.
One other domain, an "oldtimer", advabnr. com is still alive.
So there is a danger that the sites that have been infected earlier and not cleaned up will now again infect end users with the familiar JavaScript filenames.
I don't know if the way those files infect end users has changed.
Short of time, maybe more later.
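
A check a site owner could run for leftover injections of the kind described above, as an added example that is not part of the original post. It assumes the injected content is a script tag pointing at an off-site host; the function name, sample rows and host names are constructed for illustration, and only the file names come from the post.

```python
import re
from urllib.parse import urlsplit

# File names listed in the post (style.js was used in the previous round).
ASPROX_JS_NAMES = {"add.js", "b.js", "fgg.js", "ngg.js", "script.js", "style.js"}

# Raw-text match instead of an HTML parser: an injected tag can sit inside an
# attribute value or broken markup, where a parser would not see an element.
SCRIPT_SRC = re.compile(r"""<script[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def find_suspect_scripts(text, own_hosts):
    """Return sorted (host, file name, count) for off-site scripts with a listed name."""
    own = {h.lower() for h in own_hosts}
    hits = {}
    for match in SCRIPT_SRC.finditer(text):
        try:
            url = urlsplit(match.group(1))
            host = (url.hostname or "").lower()
        except ValueError:
            continue  # malformed URL, nothing to classify
        name = url.path.rsplit("/", 1)[-1].lower()
        if not host or host in own:
            continue  # relative or same-site script: the site's own file
        if name in ASPROX_JS_NAMES:
            hits[(host, name)] = hits.get((host, name), 0) + 1
    return sorted((h, n, c) for (h, n), c in hits.items())


# Constructed sample: text columns / page fragments from a hypothetical site.
SAMPLE_ROWS = [
    "Blue widget<script src=http://injected.example/b.js></script>"
    "<script src=http://injected.example/b.js></script>",
    '<a title="Contact<script src="http://other.invalid/ngg.js"></script>">Contact</a>',
    '<script src="/js/script.js"></script>',                       # own, relative
    '<script src="https://www.shop.example/js/add.js"></script>',  # own, absolute
    '<script src="https://cdn.example.net/jquery.js"></script>',   # off-site, not listed
]

if __name__ == "__main__":
    for host, name, count in find_suspect_scripts("\n".join(SAMPLE_ROWS), {"www.shop.example"}):
        print(f"{count} x {name} loaded from {host}")
```

Run it over a database export or saved page source, passing the site's own host names so legitimate same-site files with these common names are not flagged.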