Do you use the same computer for Japanese adult sites and online banking transactions? If yes, you’re headed for trouble with the discovery of an active piece of malware that could wreak havoc on your system.
Cyber security experts are alerting all visitors of Japanese adult websites to be cautious of a harmful piece of malware – Win32/Aibatook – lurking on these sites. It is successfully siphoning banking information and account credentials from users of a number of porn sites based in Japan, and users have already fallen prey to it.
The malware was first identified toward the end of 2013. As expected, antivirus firms updated their databases and released software patches for quarantining it. They also targeted the servers that were posing a threat. But then an updated, more advanced version of Win32/Aibatook was uploaded to the net.
The creators of the malware shrewdly changed the programming language, migrating from Delphi to C++, for the coding of the updated version. Win32/Aibatook exploits a vulnerability in a JRE (Java Runtime Environment) component – Java/CVE-2013-2465.
The Affected Domains
So far, four compromised domains have been identified. These infected Japanese porn sites are regularly visited by more than 2,000 users. They have just the right traffic required by the cyber crooks. Win32/Aibatook has been prepared for inflicting a high impact. It’s not just malware, but also a well-organized campaign.
These websites have been identified as of now (Warning: Click at your own discretion but you risk infection and the content is obviously NSFW) – mywife.cc; ppv.xxxurabi.com; uravidata.com; sokuhabo.com. These are domains that researchers strongly advise you avoid.
While accessing these sites, unsuspecting users are often redirected to a rogue web page which starts drilling into the Java/CVE-2013-2465 vulnerability.
This rogue page carries the 404 error message (‘Page not found’) – a standard HTTP response indicating that the link you’re trying to reach is either dead or inaccessible, but this is a trick page.
While you’re looking at the error message, code on the page reaches your computer and starts executing a malicious applet (Java program).
The stealthy malware maps certain components of the browser you use, and tracks all the data which you enter and view on your online banking sites. Bogus forms are also injected into the browser, prompting users to fill in critical personal and financial data.
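A defensive check for the trick page described above, as an added example that is not part of the original article: it flags HTTP responses that present themselves as 404 error pages yet embed a Java applet. The record layout, host names and sample bodies are constructed for illustration, and treating either a 404 status or "page not found" text as the error-page signal is an assumption.

```python
from html.parser import HTMLParser

JAVA_MIME = ("application/x-java-applet", "application/x-java-vm")

class AppletFinder(HTMLParser):
    """Collects tags that would make a browser start the Java plug-in."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "applet":
            self.hits.append("applet code=" + (a.get("code") or a.get("archive") or "?"))
        elif tag in ("object", "embed") and a.get("type", "").startswith(JAVA_MIME):
            self.hits.append(tag + " type=" + a["type"])

def flag_error_page_applets(responses):
    """Return (host, path, hits) for error pages that embed a Java applet."""
    findings = []
    for r in responses:
        # Assumption: the trick page is recognisable by status 404 or its visible text.
        is_404 = r["status"] == 404 or "page not found" in r["body"].lower()
        if not is_404 or "html" not in r["content_type"].lower():
            continue
        finder = AppletFinder()
        finder.feed(r["body"])
        if finder.hits:  # a genuine error page has no reason to launch Java
            findings.append((r["host"], r["path"], finder.hits))
    return findings

# Constructed proxy records (not real traffic): two benign, two suspicious.
SAMPLE = [
    {"host": "shop.example", "path": "/old-item", "status": 404, "content_type": "text/html",
     "body": "<html><h1>404 Not Found</h1><p>The page is gone.</p></html>"},
    {"host": "landing.example", "path": "/x", "status": 404, "content_type": "text/html; charset=utf-8",
     "body": "<h1>Page not found</h1><APPLET code='a.class' archive='a.jar' width=1 height=1></APPLET>"},
    {"host": "games.example", "path": "/play", "status": 200, "content_type": "text/html",
     "body": "<applet code='game.class'></applet>"},
    {"host": "cdn.example", "path": "/y", "status": 200, "content_type": "text/html",
     "body": "<h1>404 Page not found</h1><object type='application/x-java-applet;version=1.6'></object>"},
]

if __name__ == "__main__":
    for host, path, hits in flag_error_page_applets(SAMPLE):
        print(host, path, hits)
```

An applet embedded in an ordinary page, as in the `games.example` record, is deliberately not flagged: the signal here is the combination of an error page and Java content.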
Make sure you do not open the above mentioned domains. Also, keep in mind that these are just the ones that have been identified. There are many other sites which might be affected, but are still undetected. Users are being instructed to be extremely careful while visiting any Japanese porn sites.
How Intelligent is This Malware?
What Precautions Can Users Take?
Be careful of the browser you use. At present, only Internet Explorer has been found to be targeted by the malware. The malware uses a technique known as ‘form-grabbing’ to monitor the HTML input fields on the web pages browsed through Internet Explorer. The malware constantly compares the input fields on the browser’s pages with the parameters set in its code to filter important information from regular information. If the input fields match the set parameters, then the data contained in those fields is immediately captured and exfiltrated.
Antivirus companies keep providing updates and patches to deal with the latest threats. These updates and patches should not be ignored. Keeping your antivirus programs updated can save you from many problems.
You can use full-fledged malware protection kits, as they are designed and equipped to guard your computer systems from vulnerabilities and threats.
If the Internet is about the freedom to access whatever you want, then keeping your computer system protected and shielded (while you browse your favorite sites) is cyber wisdom.