Computer cops strike at the heart of Shylock malware

Graham CLULEY

July 11, 2014

Computer crime fighters have today announced that they have seized essential infrastructure used by the highly advanced Shylock banking malware, effectively neutralising an attack which has already infected at least 30,000 Windows computers.

Shylock, which gains its name because its code includes random excerpts from “The Merchant of Venice”, has been used by its criminal overlords to raid the online bank accounts of innocent computer users, after downloading malware onto compromised computers and injecting itself into web sessions.

Quite why the malware author who created Shylock decided to incorporate excerpts of one of Shakespeare’s most famous plays is unclear, but it’s possible that it was a sick joke playing on the character demanding a “pound of flesh” after a bankrupt Antonio defaults on a loan.

The Shylock malware is extremely sophisticated and has proven to have – until now – a resilient infrastructure that was hard for the authorities to disrupt.

Typically spread via malicious links in spammed-out messages, the Shylock malware would lurk in the background on infected computers – waiting for the user to visit a banking website.

Once Shylock detected a computer user was attempting to access an online bank account, the malware would display a fake screen designed to steal login credentials and send them to criminals.

As well as logging keystrokes, Shylock could record what was happening on the user’s screen and steal detailed information about what software was installed on the victim’s computer.

As Bitdefender has previously reported, the malware has continued to evolve – notably, for instance, it was updated in early 2013 to spread using Skype’s chat function, sending messages and transferring files via the VOIP service without the knowledge of users.

For over two years, the Shylock cybercrime gang have been able to steal sensitive banking information from unsuspecting users, costing the banking industry millions of pounds.

There is no disputing that Shylock (which Bitdefender products detect as Gen:Variant.Kazy.14303, but is also known as Caphaw) has been a thorn in the side of the UK’s National Crime Agency, because the malware appears to particularly target computer users in the country.

Some studies have suggested that 61% of websites compromised by the malware were UK-based, and that three quarters of the banks being targeted were British.

Recently, however, the Shylock gang has widened its scope – stealing information from users in other countries, including Germany, Denmark, Turkey and Italy, and inflicting financial damage on both individuals and small businesses.

It is no surprise, therefore, to see the NCA join forces with the FBI, Europol, the German Federal Police (BKA), and members of the security industry to gather intelligence about the malware and its infrastructure.

Fascinatingly, Britain’s GCHQ intelligence-gathering agency is also said to have been involved in the investigation, although in what capacity has not been made clear.

Sadly, no arrests have been announced to date in connection with Shylock – but Europol has said that there may be additional action taken by law enforcement agencies after previously unknown parts of the malware’s infrastructure were uncovered.

The most important thing, of course, is not to allow your computer to become infected in the first place.

In its warning, the NCA urged users to be suspicious of clicking on unsolicited links and to treat their computer security as being of paramount importance – keeping vulnerability patches and anti-virus software updated.

Ensuring that your computer is automatically applying security updates is probably a sensible step for the typical home user, and will help to protect against both this and other malware threats.
