Malware Attacks User’s PCs While Enjoying YouTube Videos - Bromium

Security firm grahamcluley.com published news on 24th February, 2014 stating that security researchers of Bromium have discovered hackers who were spreading malware into user's computers when innocent users were watching YouTube videos.

Bromium experts observe that the cybercriminals are tainting YouTube watchers through a third-party YouTube advertisement which is known as malvertising by employing the drive by download technique.

Bromium till now has investigated and noted that the ad-network serves the Caphaw Trojan which infected YouTube visitors and it is a variant of banking Trojan Shylock. This was last used in a campaign which targeted customers of 24 banks throughout the world.

The ad-network is also hording the infamous Styx exploit kit which is a toolkit. The attackers can buy this as readymade and place it on malevolent websites to automatically aim common vulnerabilities there on computers which are not updated. The exploit kit (referring to Styx) particularly aims Java vulnerabilities as research reveals that Styx is being employed to aim Java CVE-2013-2460 which was fixed by Oracle back in mid-2013.

According to security firm, the hackers used the same exploit kit which was recently used to infect visitors of the Hasbro toys website Hasbro.com.

Bromium has informed Google about this attack and has been working with security team of Google to unravel the root cause of this attack. Google has also confirmed that a rogue advertiser was behind this malvertisment and has taken this campaign off. Google is beefing up internal procedures to prevent occurrence of such events.

Nakedsecurity.com published a statement on 24th February, 2014 quoting a blog on the above statement by Graham Cluley, Independent Security Expert, as "However, it is quite possible that computers of some users are still infected by this malware attack resulting theft of banking credentials."

Once again, this incident acts as a reminder to either ensure installation of Java with properly updated security patches or (better) disabled totally inside your browser.

However, the security expert advised to have a layered defense in place to reduce the risk of malware attack. Additionally, users are also advised to install updated version of anti-virus software to avoid infection from the harmful malware.

» SPAMfighter News - 3/7/2014