By CagedTech in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 580
First Seen: October 6, 2011
OS(es) Affected: Windows

Caphaw (also known as Shylock) is a treacherous banking Trojan that first appeared in 2011. The creators of this threat use a very sophisticated infrastructure that enables them to attack financial institutions and ordinary people alike. Europol reports that there are currently over 30 000 infected computers worldwide, a huge number that may cause severe damage. The Trojan was initially most active in the UK, Italy and Poland, but the cyber crooks have now turned their attention to the developing markets of Russia, Turkey, Vietnam and Brazil. Once the payload is loaded onto your computer, Caphaw may grant remote access to your system, and its operators may use that access for all kinds of evil-minded actions. In some cases, the Trojan may inject code and fake phone numbers into the websites of several financial institutions, all in order to obtain your login data. This feature may be combined with a keylogging function, and for this reason the threat is of a very high level and needs to be removed immediately.

How Does Caphaw Reach Your PC?

The most common way for Caphaw to spread is via a corrupt link sent through popular social networks or chat programs such as Facebook and Skype. Once one person is infected with this threat, it can take control of several processes and alter their functionality. The Trojan may automatically send contaminated links to all of the infected person's contacts. This method has proven very efficient because the message appears to be an innocent YouTube video or something similar, which doesn't attract suspicion. Caphaw also exploits system vulnerabilities in order to sneak into the computer without giving the user any indication. An example of this is an exploit kit that takes advantage of outdated Java or Adobe versions and downloads the Trojan automatically. The cyber crooks may also spread their threatening product through spam e-mails that carry the Trojan in a seemingly innocent attachment. On no occasion should you open such files unless you are expecting the e-mail.

What Makes Caphaw One of the Most Dangerous Banking Trojans?

There are not many visible symptoms of Caphaw, as it prefers to work inconspicuously while carefully monitoring everything you do on your PC. However, because the Trojan runs several different processes at the same time and seizes a lot of your RAM, you may notice a significant slowdown of your system. The threat automatically downloads additional programs that may cause further damage. The most threatening of these include remote connection tools, password stealers, Web injects that modify money-related sites and even backdoor programs. When the crooks target various institutions, the Trojan allows them to transfer important files from infected computers to remote servers. In short, Caphaw combines a number of tools and gives its operators endless opportunities to harm your computer and get your money. What makes Caphaw especially difficult to remove is that the Trojan injects its code into essential Windows processes such as cmd.exe, explorer.exe and svchost.exe. The threat also applies several rootkit techniques that eventually render some conventional anti-virus programs ineffective.

How to Take Care of Caphaw before It Takes Care of Your Money?

If you have any suspicions or notice abnormal behavior on your PC, look for either key.1.1.2.exe or netiougc.exe in your Task Manager. These processes are associated with this threat, but failing to find them doesn't mean your PC is clean. The Trojan may be updated automatically and may change its settings, including the names of its running processes. In fact, Caphaw sometimes scans your system folder and copies the name of a legitimate process to impede detection further. For example, it may appear on your PC as %APPDATA%\taskmgr.exe, confusing not only you but your anti-virus software as well. The only way to remove such a serious infection is with a powerful, cutting-edge spyware removal tool. If you don't use reliable software, the threat will reappear as soon as you restart your PC, because Caphaw has a function that restores itself if it is not deleted entirely. With a specially designed program, however, you will be able to eradicate the threat permanently without any traces left in the system. This program will also protect you from other threatening programs that you might otherwise not even notice.

SpyHunter Detects & Removes Caphaw

File System Details

Caphaw may create the following file(s):
#   File Name                 MD5                                 Detections
1.  replace.exe               c52ec2906d566a9e828754e2eadf32d3    225
2.  DevicePairingWizard.exe   ecaa123e1c3e06776d549de439c7d369    222
3.  rekeywiz.exe              312394ea2bf6e8338dce1451583e1fa2    133
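The two checks this page suggests, looking for the named processes (including a legitimate system binary name such as taskmgr.exe running from %APPDATA%) and matching files against the MD5 indicators in the table above, can be scripted so they run the same way on every host. The script below is an added example and is not code from the page, from SpyHunter or from any Caphaw analysis. The MD5 values and the process names key.1.1.2.exe and netiougc.exe come from this page; the allow-list of system binary names, the sample process table and the sample file contents are constructed so the example runs offline, and a real sweep would replace them with a System32 listing, a Task Manager or tasklist snapshot and a walk of the disk.

```python
import hashlib
import ntpath
import os

# MD5 indicators copied from the File System Details table on this page.
CAPHAW_MD5S = {
    "c52ec2906d566a9e828754e2eadf32d3": "replace.exe",
    "ecaa123e1c3e06776d549de439c7d369": "DevicePairingWizard.exe",
    "312394ea2bf6e8338dce1451583e1fa2": "rekeywiz.exe",
}

# Process names the page associates with Caphaw (compared case-insensitively).
CAPHAW_PROCESS_NAMES = {"key.1.1.2.exe", "netiougc.exe"}

# Constructed allow-list of legitimate binaries that normally live under C:\Windows.
# On a real host build this from the System32 listing; it is hard-coded here so
# the example runs offline.
SYSTEM_BINARY_NAMES = {
    "taskmgr.exe", "explorer.exe", "svchost.exe", "cmd.exe",
    "rekeywiz.exe", "devicepairingwizard.exe",
}

WINDOWS_DIR = "c:\\windows\\"  # normalised prefix of the Windows folder


def md5_hex(data: bytes) -> str:
    """MD5 hex digest; MD5 is used only because the page publishes MD5 indicators."""
    return hashlib.md5(data).hexdigest()


def match_hash(data: bytes, indicators=CAPHAW_MD5S):
    """Return the indicator's file name if the MD5 of data is listed, else None."""
    return indicators.get(md5_hex(data))


def scan_files(files: dict, indicators=CAPHAW_MD5S) -> list:
    """files maps a path to its bytes; returns [(path, indicator_name)] for every hit."""
    hits = []
    for path, data in files.items():
        name = match_hash(data, indicators)
        if name is not None:
            hits.append((path, name))
    return hits


def scan_directory(root: str, indicators=CAPHAW_MD5S) -> list:
    """Walk a real directory tree and hash every readable file (for a live host)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for fn in names:
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "rb") as fh:
                    files[full] = fh.read()
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the sweep
    return scan_files(files, indicators)


def classify_process(name: str, image_path: str) -> list:
    """Reasons a process entry looks like Caphaw; an empty list means nothing suspicious."""
    reasons = []
    lname = name.lower()
    lpath = ntpath.normcase(image_path)  # lower-case with backslashes, on any OS
    if lname in CAPHAW_PROCESS_NAMES:
        reasons.append("known Caphaw process name")
    # The masquerade the page describes: a system binary name (e.g. taskmgr.exe)
    # whose image lives outside the Windows folder, such as under %APPDATA%.
    if lname in SYSTEM_BINARY_NAMES and not lpath.startswith(WINDOWS_DIR):
        reasons.append("system binary name running outside the Windows folder")
    return reasons


def scan_processes(entries: list) -> list:
    """entries is a list of (name, image_path); returns [(name, path, reasons)] for flagged ones."""
    flagged = []
    for name, path in entries:
        reasons = classify_process(name, path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


# Constructed process table standing in for a Task Manager / tasklist snapshot.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("taskmgr.exe", r"C:\Users\alice\AppData\Roaming\taskmgr.exe"),
    ("netiougc.exe", r"C:\Users\alice\AppData\Roaming\netiougc.exe"),
    ("chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

# Constructed file contents; none is a real sample, so no hash hit is expected.
SAMPLE_FILES = {
    r"C:\Users\alice\AppData\Roaming\taskmgr.exe": b"constructed placeholder bytes",
    r"C:\Windows\System32\rekeywiz.exe": b"another constructed placeholder",
}

if __name__ == "__main__":
    for name, path, reasons in scan_processes(SAMPLE_PROCESSES):
        print(f"{name} ({path}): {'; '.join(reasons)}")
    print("hash hits:", scan_files(SAMPLE_FILES))
```

The process check deliberately keys on where a well-known binary name is running from rather than on the name alone, because the page notes that Caphaw renames its processes and copies legitimate names; a hash hit on the listed MD5s is a strong indicator, but a miss proves nothing, since the Trojan updates itself and the hashes above cover only three known builds.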
