CENTRAL IT SALES SERVICES NEWS PRODUCTS HOSTING SUPPORT CONTACT
item6

Click here to receive our newsletter and special offers delivered direct to your inbox.

item6a1
item3a
item3a

Report a Problem

Check on a Request

Knowledge Books

System Status

Latest News

Repair Extension Programmes

Download Remote Software

item3a
item3a
item6a1b

Blog Archive

Monday 15 April 2013

Shylock Trojan aims for global targets, Symantec warns


The prodigious Shylock man-in-the-browser (MitB) banking Trojan is still being upgraded as part of a campaign to migrate from its traditional targets in UK financial services to foreign ones, Symantec has reported.

Malware platforms are constantly evolving but the new Shylock modules wouldn't sound out of place on a high-end commercial software product.
These include a new DiskSpread utility that allows the Trojan to infect external and USB drives, a plug-in for scraping FTP and other passwords, and something called "BackSocks" that turns the compromised PC into a proxy server.
Other features include Archiver, a utility for compressing video files so they can be more easily uploaded to a remote server, and a "VNC" facility to give criminals a remote connection to the victim's computer.
There is even MsgSpread, an add-on that gives Shylock a way of spreading itself using Skype connections, a feature that was first noticed in January.
Shylock can also load balance, shifting incoming traffic from victims from server to server as demand dictates.

Shylock targets banks

What is unusual about Shylock is the extent to which it has favored attacking a wide range of UK banks since appearing in late 2011. That might or might not explain why every revision of its binaries adds more fragments from the Merchant of Venice—or this could just be a simple way of changing its file signature.
Importantly, in roughly last October it started diversifying its aim toward Italy and the U.S., so the national focus could just be a means of exhausting one set of institutions before moving on to less protected targets.
"As some financial institutions become less desirable as targets, either due to increased security measures or a lack of high-value business accounts, Shylock is refocusing its attacks on those offering potentially larger returns," said Symantec.

DON'T-MISS STORIES

item6a2a2

Copyright © Central IT Services Ltd

bannernews
CENTRAL IT SERVICES NEWS PRODUCTS HOSTING SUPPORT item6a2a2