- Apr 25, 2013
Askmen.com, one of the most popular websites on the Internet (Top 1000 Alexa), has been compromised to serve the banking trojan Caphaw.
The attackers deployed several exploits to compromise visitors; if exploitation succeeds, the victim is infected with the Caphaw trojan. Caphaw is a banking trojan used to steal banking credentials from victims. It also allows the attackers to drop additional malicious payloads on the victim’s system.
The malicious code installed on AskMen.com will attempt to exploit Java (most likely CVE-2013-2465) and Adobe Reader. Experts believe that hackers used the Nuclear exploit kit for the attack.
“The exploit page displays similar obfuscation techniques, which are often used in the Nuclear Pack exploit kit. In addition, the above-mentioned Java exploit is most often used by Nuclear Pack. These facts strongly indicate that the attacker is using either the Nuclear Pack exploit kit or a variant of it.”
Full Article