
New Facebook scam leads to YouTube phishing page

Microsoft spotted spam that leads to a YouTube phishing page, which suggests updating the browser with a bogus Active object (setup.exe). Of course, it is malware, detected as Backdoor:Win32/Caphaw.A.

This malware installs an FTP server, a proxy server, and a keylogger on the computer. It also has built-in remote desktop functionality based on the open source VNC project.
One infected user reported that money had been transferred from his bank account by an unknown party.

The backdoor "calls home" to domains such as commonworld*****.cc or web**** to get the data that it posts on the friends' Facebook walls. Its main module, in the meantime, is hosted on ****

If you see this type of spam, you can mark the post as spam to help prevent others from downloading the backdoor.