Security Protection – Harry Waldron MVP

IE10 Exploit – Recommendation to promptly apply patches

Corporate & home users should patch expeditiously. IE11 also offers improved protection & functionality. It has been a solid browser in both home & corporate environments, as the “compatibility view” option helps work around legacy site issues.

http://securitywatch.pcmag.com/none/321016-rsac-consumers-lax-security-at-home-affects-businesses

QUOTE: There’s never a dull moment in the security industry: just as we heard about the latest IE 0day, one of our field security engineers in the Americas stumbled upon a YouTube link that was hosting malware. The vulnerability is not in YouTube as such, but the ad-network seems to be the culprit in this case. We’re working with the Google security team to get to the bottom of this; in the meantime, some quick details about the infection are below.

Summary


– Classic drive-by download attack, infects the user by exploiting client software vulnerabilities.

– The ad network was discovered to be hosting the Styx exploit kit. This exploit kit was recently in the news for compromising hasbro.com. Well, the attackers seem to have upped their target this time by somehow getting into YouTube ads.

– The exploit leveraged in this was a Java exploit.

– The Trojan appears to be a Banking Trojan belonging to the Caphaw family.

– The outbound CnC went out to Europe in this infection, where the server is likely to be hosted. It uses a DGA (Domain Generation Algorithm) for CnC; we’re still digging into the various IP addresses leveraged.
