Free Republic

Banking Trojan Caphaw is being distributed through Youtube ads!
Emsisoft News ^ | 3-3-14 | Steven

Posted on 03/03/2014 9:39:01 AM PST by foundedonpurpose

Caphaw Trojan Found in Youtube Ads

In Malware, Malware Alerts by steven on February 25, 2014

Last Friday – under the shadow of two critical zero day exploits on Internet Explorer and Adobe Flash – researchers at Bromium Labs discovered malware in an advertising network connected to Youtube. Specific details are yet unknown and the threat has yet to be completely mitigated. As of Friday, Google Security was made aware of the issue and is currently investigating the matter with Bromium.

What is Known

The malware being served is a Caphaw banking Trojan. Emsisoft detects Trojans from this family as Trojan.Win32.Caphaw.

The attackers are infecting Youtube users through third-party Youtube ads, using the drive-by download technique.

Further investigation has revealed that the ad network serving the Caphaw malware is also hosting the Styx exploit kit. An exploit kit is a toolkit hackers can purchase ready-made and then place on malicious websites to automatically target common vulnerabilities present on un-updated computers. The Styx exploit kit targets Java vulnerabilities in particular. Research indicates that in this attack Styx is being used to target CVE-2013-2460.

Research has also indicated that this attack connects users to a C&C server in Europe. As yet, this server’s specific location remains unknown.

Am I at Risk?

Anyone running Emsisoft is automatically protected from Caphaw. Users not running a comprehensive anti-virus software who have recently clicked on a Youtube ad may be infected.

The Caphaw Trojan allows attackers remote control of your PC. With such control, attackers may directly access your files, monitor your Internet usage, or use your PC for any number of malicious activities.

If you recently clicked on a Youtube ad, Emsisoft recommends an immediate scan with Emsisoft Anti-Malware. The software will detect and remove Caphaw, and protect your PC from future attacks.

More Details on this Threat

Bromium published an initial analysis of the attack in a blogpost on Friday. The research firm is currently working with Google Security to investigate the attack in greater detail. Updates are sure to follow.

Targeting a high profile website such as Youtube is a watering hole tactic. Youtube receives thousands if not millions of visitors per day, so attacks like this one have a greater chance of infecting more users. People often think that they are safest when visiting such websites, as security is generally much tighter and the odds of being targeted among so many other users seem slim, but this is somewhat of a misconception. From an attacker’s perspective, poisoning just one giant waterhole can be much more profitable and can take much less time than poisoning one hundred smaller ones.

This recent attack acts as an important reminder. No website is 100% secure. And, whether malicious or not, Internet advertising exists to make money. So be careful where you click.

Here’s to a Malware-Free Week Ahead! - See more at: http://blog.emsisoft.com/2014/02/25/caphaw-trojan-found-in-youtube-ads/?ref=ticker140303&utm_source=newsletter&utm_medium=newsletter&utm_content=onlineversion&utm_campaign=ticker140303#sthash.EXK4tfKU.dpuf


TOPICS: Computers/Internet; Education; Reference
KEYWORDS: adblocker; computervirus; malware; trojanhorse
Hi everyone,

After receiving this article in an e-mail newsletter, I've had enough! I cannot stand all the ads as it is, and have heard of ad blocker programs but have no clue about what program to get.

Any help appreciated! Thank you!

Founded

1 posted on 03/03/2014 9:39:01 AM PST by foundedonpurpose

To: foundedonpurpose; rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; ...

2 posted on 03/03/2014 9:39:58 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: foundedonpurpose

AdBlock Plus extension for Firefox.


3 posted on 03/03/2014 9:40:36 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

AdBlock Plus + Ghostery + NoScript


4 posted on 03/03/2014 9:45:37 AM PST by rarestia (It's time to water the Tree of Liberty.)

To: foundedonpurpose

Firefox and Flash Block. All set.


5 posted on 03/03/2014 9:48:05 AM PST by Bloody Sam Roberts ("The further a society drifts from truth the more it will hate those who speak it." - George Orwell)

To: foundedonpurpose
I dream of the day I read the Headline:

Malware Writers Caught, Emasculated and Hung By The Neck From The Courthouse Balcony

6 posted on 03/03/2014 9:49:54 AM PST by Mad Dawgg (If you're going to deny my 1st Amendment rights then I must proceed to the 2nd one...)

To: foundedonpurpose

Considering Google’s love for Obama, the whole thing is probably an NSA operation.


8 posted on 03/03/2014 9:50:43 AM PST by aimhigh

To: Mad Dawgg

Can we include wall street bankers and fascist politicians?


9 posted on 03/03/2014 9:53:12 AM PST by foundedonpurpose

To: aimhigh

I think it’s difficult/impossible to find a major US internet portal that isn’t controlled by progressives or libertarians.


10 posted on 03/03/2014 9:53:54 AM PST by nascarnation (I'm hiring Jack Palladino to investigate Baraq's golf scores.)

To: foundedonpurpose
"Can we include wall street bankers and fascist politicians?"

We have a motion on the floor.

All those in favor say "Aye"...

11 posted on 03/03/2014 10:00:11 AM PST by Mad Dawgg (If you're going to deny my 1st Amendment rights then I must proceed to the 2nd one...)

To: foundedonpurpose

bump


12 posted on 03/03/2014 10:07:50 AM PST by GGpaX4DumpedTea (I am a Tea Party descendant...steeped in the Constitutional Republic given to us by the Founders)

To: Mad Dawgg

I say get that guy in Syria to chop off their hands. That ought to slow down their virus writing.


13 posted on 03/03/2014 1:29:59 PM PST by beef (Who Killed Kennewick Man?)

To: ShadowAce; foundedonpurpose

>>AdBlock Plus extension for Firefox.

Also available for Chrome.


14 posted on 03/03/2014 4:06:57 PM PST by expat1000

To: expat1000

Use Linux when web surfing. Seriously.


15 posted on 03/03/2014 4:11:15 PM PST by wolfman

To: aimhigh

Very sad, sadly very probable!


16 posted on 03/03/2014 8:20:58 PM PST by foundedonpurpose

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
