Banking Malware Distributed via YouTube Ads

Malvertising attacks are becoming more and more common, and it appears that not even YouTube users are safe.
Security researchers from Bromium Labs recently found that YouTube's advertising network has been used by cyber criminals to distribute malware. According to the experts, the cyber criminals compromised an ad network and redirected users to malicious websites hosting the 'Styx Exploit Kit', which infected users' computers with the Caphaw banking Trojan.
This particular exploit kit is designed to exploit a Java vulnerability (CVE-2013-2460) in outdated versions. Once in the target's computer system, the malware detects the Java version installed on the operating system and, based on it, loads a suitable exploit compatible with the installed Java version.
The command and control (C&C) server used by the cyber criminals appears to be hosted in Europe, and it relies on a domain generation algorithm (DGA). The researchers have notified Google of the attack, but so far they still do not know how the cyber criminals managed to evade Google's internal advertisement security checks. How many users have become victims of this attack also remains an open question.
Google has confirmed that a rogue advertiser was behind this malvertisement, and said it has taken the campaign down and is beefing up internal procedures to prevent such events from occurring again.
