18 Jan 2013

Shylock Banker Trojan Rings Twice on Skype


Two-year old Shylock Trojan is expanding its reach to Skype users with an upgrade that allows it to message itself to new victims, according to Danish security consultancy CSIS. The new module, dubbed msg.gsm, lets the Trojan covertly send messages and transfer files using Skype by bypassing the warnings and restrictions enforced by the client application.

Once on the system, the Trojan harvests cookies for the target services, sets up a remote connection and modifies the bank’s login page in real time by injecting its specific code. Unlike Zeus, which has been put on hold by its developers, Shylock is under active development and sells to a cyber-criminal elite.

"Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems," wrote Peter Kruse on the CSIS blog. "The code is constantly being updated and new features are added regularly."

Last year, Shylock received an update that allows the Trojan to evade detection by refusing to install on computers that appear not to be used by regular users. If the system it lands on is controlled via a remote desktop session, the Trojan refuses to run, preventing its behavior from being inspected in lab conditions.

As always, a good antivirus with up-to-date definitions will help you detect the intruder and block it as it hits your PC.