Banking Trojan Caphaw is being distributed through Youtube ads!
Posted on 03/03/2014 9:39:01 AM PST by foundedonpurpose
Caphaw Trojan Found in Youtube Ads
by steven on February 25, 2014
Last Friday, under the shadow of two critical zero day exploits on Internet Explorer and Adobe Flash, researchers at Bromium Labs discovered malware in an advertising network connected to Youtube. Specific details are yet unknown and the threat has yet to be completely mitigated. As of Friday, Google Security was made aware of the issue and is currently investigating the matter with Bromium.
What is Known
The malware being served is a Caphaw banking Trojan. Emsisoft detects Trojans from this family as Trojan.Win32.Caphaw.
The attackers are infecting Youtube users through third-party Youtube ads, using the drive-by download technique.
Further investigation has revealed that the ad network serving the Caphaw malware is also hosting the Styx exploit kit. An exploit kit is a toolkit hackers can purchase ready-made and then place on malicious websites to automatically target common vulnerabilities present on un-updated computers. The Styx exploit kit targets Java vulnerabilities in particular. Research indicates that in this attack Styx is being used to target CVE-2013-2460.
Research has also indicated that this attack connects users to a C&C server in Europe. As yet, this server's specific location remains unknown.
Am I at Risk?
Anyone running Emsisoft is automatically protected from Caphaw. Users not running a comprehensive anti-virus software who have recently clicked on a Youtube ad may be infected.
The Caphaw Trojan allows attackers remote control of your PC. With such control, attackers may directly access your files, monitor your Internet usage, or use your PC for any number of malicious activities.
If you recently clicked on a Youtube ad, Emsisoft recommends an immediate scan with Emsisoft Anti-Malware. The software will detect and remove Caphaw, and protect your PC from future attacks.
More Details on this Threat
Bromium published an initial analysis of the attack in a blogpost on Friday. The research firm is currently working with Google Security to investigate the attack in greater detail. Updates are sure to follow.
Targeting a high profile website such as Youtube is a watering hole tactic. Youtube receives thousands if not millions of visitors per day, so attacks like this one have a greater chance of infecting more users. People often think that they are safest when visiting such websites, as security is generally much tighter and the odds of being targeted among so many other users seem slim, but this is somewhat of a misconception. From an attacker's perspective, poisoning just one giant waterhole can be much more profitable and can take much less time than poisoning one hundred smaller ones.
This recent attack acts as an important reminder. No website is 100% secure. And, whether malicious or not, Internet advertising exists to make money. So be careful where you click.
Here's to a Malware-Free Week Ahead!
See more at: http://blog.emsisoft.com/2014/02/25/caphaw-trojan-found-in-youtube-ads/?ref=ticker140303&utm_source=newsletter&utm_medium=newsletter&utm_content=onlineversion&utm_campaign=ticker140303#sthash.EXK4tfKU.dpuf
After receiving this article in an e-mail newsletter, I've had enough! I cannot stand all the ads as it is, and have heard of ad blocker programs but have no clue about what program to get.
Any help appreciated! Thank you!
AdBlock Plus extension for Firefox.
AdBlock Plus + Ghostery + NoScript
Firefox and Flash Block. All set.
Malware Writers Caught, Emasculated and Hung By The Neck From The Courthouse Balcony
Considering Google’s love for Obama, the whole thing is probably an NSA operation.
Can we include wall street bankers and fascist politicians?
I think it’s difficult/impossible to find a major US internet portal that isn’t controlled by progressives or libertarians.
We have a motion on the floor.
All those in favor say "Aye"...
I say get that guy in Syria to chop off their hands. That ought to slow down their virus writing.
>>AdBlock Plus extension for Firefox.
Also available for Chrome.
Use Linux when web surfing. Seriously.
Very sad, sadly very probable!