YouTube users were targeted by a classic drive-by download attack by exploiting client Java software vulnerabilities and serving Caphaw Banking Trojan. Experts at Bromium Labs discovered that YouTube advertising network has been abused by attackers to spread malicious code. Google, which owns YouTube, has already taken down the malvertisment campaign and it is investigating on the attach to prevent future offensives. The attackers exploited the Java vulnerability (CVE-2013-2460) to infect victims, interesting to note that malware is able to detect the specific Java version installed on the users machine.”]