Caphaw Trojan Found in Youtube Ads (comp.review.avhost) : Рассылка : Subscribe.Ru

Caphaw Trojan Found in Youtube Ads

Статистика

Антивирусный "хостинг"

Подписаться Бесплатная «Серебряная» новостная рассылка . Подписчиков 8.345 RSS

← Февраль 2014 →
	1	2
3	4	5	6	7	8	9
10	11 11.02.2014 06:15:33 17:15:51	12 12.02.2014 06:15:33 17:16:02	13 13.02.2014 06:15:52 17:16:10	14	15	16
17 17.02.2014 06:15:44 17:15:55	18	19	20	21	22	23
24	25	26	27	28 28.02.2014 06:15:24 17:15:50

За последние 60 дней ни разу не выходила

Сайт рассылки: http://av-host.net
Открыта: 09-03-2012

Автор

kmm

8.345 подписчиков
0 за неделю

← Все выпуски →

2014-02-27 11:48 Caphaw Trojan Found in Youtube Ads
2014-02-27 12:40 RIP Mt.Gox
2014-02-27 12:42 Preview: Emsisoft Mobile Security offers protection for your Android device
2014-02-27 12:55 Нашелся обладатель смартфона и другие призеры аукциона ВебIQметра!

← Февраль 2014 →

11 11.02.2014 06:15:33 17:15:51

12 12.02.2014 06:15:33 17:16:02

13 13.02.2014 06:15:52 17:16:10

17 17.02.2014 06:15:44 17:15:55

28 28.02.2014 06:15:24 17:15:50

Клуб пользователей антивирусных услуг (Saas, Cloud)

Антивирусы и безопасность (SaaS, Cloud ...)

Caphaw Trojan Found in Youtube Ads
2014-02-27 11:48

KMM поделился ссылкой

Caphaw Trojan Found in Youtube Ads

Last Friday – under the shadow of two critical zero day exploits on Internet Explorer and Adobe Flash – researchers at Bromium Labs discovered malware in an advertising network connected to Youtube. Specific details are yet unknown and the threat has yet to be completely mitigated. As of Friday, Google Security was made aware of the issue and is currently investigating the matter with Bromium.

What is Known

The malware being served is a Caphaw banking Trojan. Emsisoft detects Trojans from this family as Trojan.Win32.Caphaw.

The attackers are infecting Youtube users through third-party Youtube ads, using the drive-by download technique.

Further investigation has revealed that the ad network serving the Caphaw malware is also hosting the Styx exploit kit. An exploit kit is a toolkit hackers can purchase ready-made and then place on malicious websites to automatically target common vulnerabilities present on un-updated computers. The Styx exploit kit targets Java vulnerabilities in particular. Research indicates that in this attack Styx is being used to target CVE-2013-2460.

Research has also indicated that this attack connects users to a C&C server in Europe. As yet, this server’s specific location remains unknown.

Am I at Risk?

Anyone running Emsisoft is automatically protected from Caphaw. Users not running a comprehensive anti-virus software who have recently clicked on a Youtube ad may be infected.

The Caphaw Trojan allows attackers remote control of your PC. With such control, attackers may directly access your files, monitor your Internet usage, or use your PC for any number of malicious activities.

If you recently clicked on a Youtube ad, Emsisoft recommends an immediate scan with Emsisoft Anti-Malware. The software will detect and remove Caphaw, and protect your PC from future attacks.

More Details on this Threat

Bromium published an initial analysis of the attack in a blogpost on Friday. The research firm is currently working with Google Security to investigate the attack in greater detail. Updates are sure to follow.

Targeting a high profile website such as Youtube is a watering hole tactic. Youtube receives thousands if not millions of visitors per day, so attacks like this one have a greater chance of infecting more users. People often think that they are safest when visiting such websites, as security is generally much tighter and the odds of being targeted among so many other users seem slim, but this is somewhat of a misconception. From an attacker’s perspective, poisoning just one giant waterhole can be much more profitable and can take much less time than poisoning one hundred smaller ones.

This recent attack acts as an important reminder. No website is 100% secure. And, whether malicious or not, Internet advertising exists to make money. So be careful where you click.

Here’s to a Malware-Free Week Ahead!

Related Posts:
Troyen Caphaw Trojan détecté dans les pubs sur YouTube
Caphaw-Trojaner in YouTube-Anzeigen gefunden
Emsisoft Malware Warning: Yahoo…
Emsisoft Malware Warning: Yahoo…
Adobe Flash Zero Day: Operation GreedyWonk

RIP Mt.Gox
2014-02-27 12:40

KMM поделился ссылкой

RIP Mt.Gox

About two weeks ago, Emsisoft published a blog post on the transaction malleability crisis at Mt.Gox. Today, the headlines read that the Bitcoin exchange is dead.

The Mt.Gox website has been taken offline. The Mt.Gox Twitter is gone. A leaked Crisis Strategy Draft has hit the web, apparently authored by Mt.Gox executive leadership. This document states:
"At this point 744,408 BTC are missing due to 
malleability-related theft which went unnoticed 
for several years."
744,408 BTC = 350 million USD.

The remainder of the document reads like an exit strategy, with plans to re-launch the corporation under new leadership and branding. Assuming this document is legitimate, Mt.Gox knew they were through. The corporation was more or less blindsided by transaction malleability.

Is Cryptocurrency Worth it?

Small details matter. Glitches propagate. One small bug has enabled $350 million in theft and has crippled a multibillion dollar corporation.

This is a principle of engineering that pops up time and time again. The devil is in the details. The more complex a system becomes, the more chaotic too. Grammarians like to illustrate this principle through the comparison of two sentences:

“Let’s eat Grandma!” vs. “Let’s eat, Grandma!”

One comma changes everything.

Computer security is the exact same way. Overcomplicated structures built on weak foundations topple. The temptation to make a quick buck is immense, but the methodologies necessary to do so cannot coexist with a sustainable business model.

At least we think so.

The question remains: Is cryptocurrency worth it? Has Bitcoin met its end?

We’d love to hear your thoughts in the comment section below.

Related Posts:
MtGox Freezes All Bitcoin Withdrawals
DDoS Attacks Affect Cloudflare and Bitcoin Exchange
Brick and Mortar Identity Theft Targets 40 million Accounts
Attack on Bitcoins: The virtual currency that is creating a…
Emsisoft Fraud Alert: LinkedIn Data Breached by Fake…

Preview: Emsisoft Mobile Security offers protection for your Android device
2014-02-27 12:42

KMM поделился ссылкой

Preview: Emsisoft Mobile Security offers protection for your Android device

Emsisoft Mobile Security [beta] is a next-gen security solution for Android devices focused on little (to zero) system or battery impact while providing access to a number of security functions in order to help you have a safer and more informed Android experience.

Emsisoft Mobile Security

Protects your Android smartphone and tablet from dangers awaiting on the internet.

Scans all stored files for malware infections.

Real time protection that blocks malicious apps as they arrive.

Surf protection that blocks access to dangerous websites.

Anti-Theft to lock or wipe the device remotely when stolen or lost.

Privacy audit for installed apps.

Preview of the Beta:

We’d like to invite interested users to join our beta test and download Emsisoft Mobile Security now!

Related Posts:
Emsisoft Malwarelympics 2014
Prevent malware from entering your PC with Emsisoft Surf…
Emsisoft Internet Security 9 Preview
Buzz word: “cloud anti-virus” – what is it…
Emsisoft Internet Security Pack with best result in COMSS…

Нашелся обладатель смартфона и другие призеры аукциона ВебIQметра!
2014-02-27 12:55

KMM поделился ссылкой

Нашелся обладатель смартфона и другие призеры аукциона ВебIQметра!

27 февраля 2014 года

На интерактивном образовательном проекте ВебIQметр разыграны лоты восемнадцатого аукциона. Наиболее ценными артефактами на этот раз стали смартфон Sony Xperia M (с лицензией Dr.Web Mobile Security на 1 год) и электронная книга Prestigio MultiReader 3664 – и достаются они соответственно пользователям amonn (г. Муром) и lexy (г. Санкт-Петербург). Наши поздравления победителям!

Участники ВебIQметра под псевдонимами Elenusik (Украина, г. Харьков), SSahapov (г. Набережные Челны) и Таулан (г. Черкесск) выигрывают компьютерные мыши A4 Tеch X 710. Что касается Grand Theft Auto V, то играть в эту видеоигру посчастливится пользователям Nike, Soulcatcher (г. Дивногорск) и timofiozi (г. Москва).

Фирменные футболка и бейсболка Dr.Web, скрывавшиеся на аукционе под наименованием «Кот в мешке», достаются М...ч (г. Тобольск).

Полный перечень победителей – как обычно, в таблице ниже. Мы искренне рады за всех, чье имя в ней присутствует, – и желаем дальнейших успехов!

Псевдоним Ставка (баллы) Ставка (Dr.Web-ки)

Смартфон Sony Xperia M с лицензий Dr.Web Mobile Security на 1 год

amonn 2760.50 2440

Электронная книга Prestigio MultiReader 3664

lexy 1727.00 1499

Игровая клавиатура Mad Catz S.T.R.I.K.E.7

Snegger 769.00 413

Мышь A4 Tеch X 710

Elenusik 50.00 20

SSahapov 600.00 250

Таулан 40.00 21

Видеоигра Grand Theft Auto V

Nike 948.00 773

Soulcatcher 109.00 89

timofiozi 40.00 13

Кот в мешке

М...ч 1362.00 2330

Dr.Web Security Space 1 ПК/Mac + 1 моб. устройство на 1 год

mr.dsa 1262.00 1180

loki 1022.00 1040

Е...ч 1270.50 842

Pikar 1090.00 798

DFoul 1392.50 811

softscamehater 862.00 562

mytant 728.00 620

Van_Helsing 516.00 899

А...ч 1200.00 700

xilyt 1512.00 600

Внешний жесткий диск 1 Тб

tosya 2762.50 2268

Ключница

DoC 116.50 86

AThousandDolphins 300.00 300

Е...ч 1182.00 767

Портмоне кожаное

daniil 778.00 526

Кружка-хамелеон

К...ч 300.00 250

W1nd 505.00 308

BES 62.50 405

Ш...а 265.00 70

arturik 200.00 150

Н...м 211.00 135

Г...ч 251.00 33

visasus 207.00 205

™НаТаЛьЯ™ 220.00 50

magrul 300.00 30

Часы настенные

max 555.55 555

Лицензия для школы на 1 год (защита рабочих станций и файловых серверов)

Absolut 668.50 200

В избранное

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} {#if $P.login_register_tab == 1} <form class="authentication-form" method="post" action="/MEMBERLOGIN_authen_cred"> <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <h1>Войти на сайт</h1> {* {#include js_tmpl_auth_reg_button} *} {#include js_tmpl_auth_reg_action} <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones"><p>{#include js_tmpl_auth_reg_descr} </p></div> <div class="logreg_advice noPhones"> Если вы еще не с нами, то начните с <a href="#" onclick="rgNav('js_tab_reg');return false;" class="dashed" data-func="registr">регистрации</a> </div> <br><br> <a class="dashed auth-enter" href="/manage/author/"><b>Вход для авторов</b></a> </dt> </dl> </form> {#/if} {#if $P.login_register_tab == 2} <div class="rg_block_options"> <div id="js_tap_panel_auth"> <h1>Регистрация</h1> <div class="social_reg"> {* <div class="rg_description">{#include js_tmpl_soc_auth_reg_descr}</div> *} {#include js_tmpl_auth_reg_soc} <div class="rg_soc_auth_agree">{#include js_tmpl_auth_reg_agree}</div> </div> <div class="subscribe_reg"> {* <div class="rg_description"> #include js_tmpl_auth_reg_descr </div> *} {#include js_tmpl_auth_reg_action} </div> {* {#include js_tmpl_auth_reg_button} *} <div class="clr"> </div> <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones">{#include js_tmpl_auth_reg_descr} {#include js_tmpl_soc_auth_reg_descr} </div> </div> </div> {#/if} </div> {* <div class="gray_bg register_shadow"></div> *} </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_auth" class="{#if $P.login_register_tab == 1} rg_active_nav {#/if} rg_first_nav"><a onclick="rgNav('js_tab_auth');return false;" href="">Вход на сайт</a></li> <li id="js_tab_reg" class="{#if $P.login_register_tab == 2} rg_active_nav {#/if}"><a onclick="rgNav('js_tab_reg');return false;" href="">Регистрация </a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_action} {#if $P.login_register_tab == 1} {#include js_tmpl_auth_reg_soc} {#/if} <div class="rg_forms"> <input type="hidden" id="login_register_destination" value="{$P.login_register_destination}"/> {#if $P.login_register_tab == 1} <div class="rg_for_input"> <span class="rg_text_inner">E-mail или код подписчика</span> <input id="credential_0" class="js_keydown_selector rg_input_text" data-js_submit="no" data-js_next_input_name="credential_1" name="" type="text" /> </div> <div class="rg_for_input"> <span class="rg_text_inner">Пароль</span> <input id="credential_1" class="js_keydown_selector rg_input_text" data-js_submit="yes" data-js_action="js_loginFormBut" name="" type="password" onkeyup="showAttention(this,!!window.event.shiftKey)" /> <span class="pswd_attention" id="attention_pswd"> <span class="icon_attention"></span> <span class="pswd_attention-text" id="attention-text_pswd1">Русская раскладка клавиатуры!</span> <span class="pswd_attention-text" id="attention-text_pswd2">У вас включен Caps Lock!</span> <span class="pswd_attention-text" id="attention-text_pswd3">У вас включен Caps Lock и русская раскладка клавиатуры!</span> </span> </div> <div class="rg_for_input input-alien"> <span class="chk noPhones"><input id="chk_alien" name="" type="checkbox" /></span><label for="chk_alien" class="noPhones"> Чужой компьютер</label> <a class="forgot_pass" href="/member/totalrecall">Забыли пароль?</a> </div> <div class="rg_for_input"> <em id="auth_msg" class="reg_error"></em> <input id="lf_typeauthid" value="email" type="hidden"> <input type="submit" class="button button-red logreg_submit" id="js_loginFormBut" value="Войти">  <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} {#if $P.login_register_tab == 2} <div class="rg_for_input"> <span class="rg_text_inner">E-mail</span> <input id="arfemail" class="js_keydown_selector rg_input_text" name="" type="text" data-js_submit="yes" data-js_action="js_regFormBut"/> </div> <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a> </label> <br /> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_personal' type="checkbox" data-js_submit="yes" /></span> Нажимая на кнопку "Готово!", я даю <a class="link_txd logreg_accLink" href="/faq/persverordnung.html">согласие на обработку персональных данных</a> </label> </div> {* <div style="float: left;position: absolute;left: 11em;"> <img src="http://www.kupivip.ru/images/vip/logo.png?1604" style="width: 86px; vertical-align: middle;display: block;"> </div> <div class="rg_for_input rg_set_lineh"> <label class="js_tap_panel_checkbox"><input name="" id="js_tap_panel_checkbox_kupivip" type="checkbox" data-js_submit="yes"> Я хочу получать новости о скидках на одежду</label> </div> *} <div class="rg_for_input"> <em id="reg_msg" class="reg_error rg_for_input_wide"></em> <em id="reg_msg2" class="reg_error rg_for_input_wide"></em> <input id="rf_typeauthid" value="email" type="hidden"> <a class="button button-red logreg_submit" id="js_regFormBut" href="#">Готово!</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} </div> {#/template js_tmpl_auth_reg_action} {#template js_tmpl_auth_reg_agree} <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms_reg' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a></label> <em id="reg_msg_soc" class="reg_error rg_for_input_wide"></em> </div> {#/template js_tmpl_auth_reg_agree} {#template js_tmpl_auth_reg_button} <div class="rg_butons_socials"> {#if $P.login_register_tab == 1} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} {#if $P.login_register_tab == 2} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} </div> {#/template js_tmpl_auth_reg_button} {#template js_tmpl_auth_reg_descr} {#if $P.login_register_tab == 1} Для оформления подписки на выбранную рассылку, работы с интересующей вас группой или доступа в нужный вам раздел, просим авторизоваться на Subscribe.ru {#/if} {#if $P.login_register_tab == 2} Для регистрации укажите ваш e-mail адрес. Адрес должен быть действующим, на него сразу после регистрации будет отправлено письмо с инструкциями и кодом подтверждения. {#/if} {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_soc_auth_reg_descr} Или зарегистрируйтесь через социальную сеть. {#/template js_tmpl_soc_auth_reg_descr} {#template js_tmpl_auth_reg_soc} <div class="rg_soc"> {#if $P.login_register_tab == 1} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/login/vk/&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} {#if $P.login_register_tab == 2} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/join/vk&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} </div> {#/template js_tmpl_auth_reg_soc}

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <p class="rg_description">{#include js_tmpl_auth_reg_descr}</p> <div class="clr"> </div> {#include js_tmpl_auth_reg_action} <div class="clr"> </div> </dt> </dl> </div>  </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_reg" class="rg_active_nav rg_first_nav"><a href="" onclick="return false;" >Регистрация</a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_descr} <strong>Пожалуйста, подтвердите ваш адрес.</strong><br><br>Вам отправлено письмо для подтверждения вашего адреса {$P.register_confirm_mail}.<br>Для подтверждения адреса перейдите по ссылке из этого письма. {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_auth_reg_action} <div class="rg_forms confirm_code_from_letter"> <div class="rg_for_input"> <span class="rg_inp_descr" style="width:15em;">Или введите код из письма:</span> <input type="text" value="" id="confirm_code" name="" data-js_submit="yes" data-js_action="js_confirmFormBut" class="js_keydown_selector rg_input_text_conf" > </div> <div class="rg_for_input"><label>Не пришло письмо? <b>Пожалуйста, проверьте папку Спам</b><br /> (папку для нежелательной почты).</label><br /> <a href="" onclick="ajax_recall_code();return false" >Вышлите мне письмо еще раз!</a></div> <div class="rg_for_input"> <em class="reg_error" id="confirm_msg"></em> <a href="#" class="button button-red" id="js_confirmFormBut">Готово</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> <br> </div> </div> {#/template js_tmpl_auth_reg_action}