Author Topic: Caphaw.A responsible for some recent Facebook attacks  (Read 768 times)

0 Members and 1 Guest are viewing this topic.

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 291
  • Rascal & Biscuit
Caphaw.A responsible for some recent Facebook attacks
« on: November 17, 2011, 05:37:28 pm »
Backdoor:Win32/Caphaw.A is "a sophisticated firewall-bypassing backdoor armed with almost everything. It installs an FTP server, a proxy server, and a keylogger on the computer. It also has built-in remote desktop functionality based on the open source VNC project. We received a report that a user found this in his computer and also discovered that money had been transferred from his bank account by an unknown party. The keylogging component, coupled with the remote desktop functionality, makes it entirely possible for this to have happened.

The backdoor "calls home" to domains such as commonworld<removed>.cc or web<removed>es.cc to get the data that it posts on the friends' Facebook walls. Its main module, in the meantime, is hosted on <removed>youtube.com
".

Full article:  http://blogs.technet.com/b/mmpc/archive/2011/11/17/keep-your-facebook-friends-close-and-your-antivirus-closer.aspx




Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Caphaw.A responsible for some recent Facebook attacks
« Reply #1 on: November 18, 2011, 02:55:11 pm »
Thanks!  :)1
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light