YouTube Ads spreading Banking Malware, via Java Exploit

Status
Not open for further replies.

Ink

Administrator
Thread author
Security researchers at Bromium have discovered that hackers were spreading malware onto computers while unsuspecting users were watching YouTube videos.

The drive-by-download attack was distributed via adverts shown on the YouTube website, and used an exploit kit to infect Windows PCs with a version of the Caphaw banking Trojan.

According to a blog post by Bromium, the attack relied upon the exploitation of a Java vulnerability (CVE-2013-2460, patched by Oracle in mid-2013).

Bromium's Blog post: http://labs.bromium.com/2014/02/21/the-wild-wild-web-youtube-ads-serving-malware/
 
This is Caphaw; unfortunately, Caphaw samples usually have low detection.
Here's the latest sample of it:

scanned 45 minutes ago: https://www.virustotal.com/en/file/...46ec27efbe2fdaa0d4203d43/analysis/1393252619/

scanned a few minutes ago: https://www.virustotal.com/en/file/...46ec27efbe2fdaa0d4203d43/analysis/1393255128/
45 minutes ago there were only 4 detections from Fortinet, Rising, CMC and Qihoo. Now there are 6: Fortinet, Rising, CMC, Avast, ESET and Malwarebytes.
 