Banking Malware Shylock spreads via Skype to target specific Countries

The home Trojan-banker known as Shylock has updated with new functions. It is noticed that Shylock is now capable of spreading using the popular Voice over IP service and software application, Skype. This allows the malicious Trojan-banker to infect more hosts and continue to be a prevalent threat, according to CSIS Security Group.
Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly.
The Skype infection is based on a malicious plugin called msg.gsm and allows the malware to send messages and transfer files, clean messages and transfers from Skype history and even bypass the Skype warning for connecting to servers.
Besides from utilizing Skype it will also spread through local shares and removable drives. Basically, the C&C functions allow the attacker to:
- Execute files
- Get cookies
- Inject HTTP into a website
- Setup VNC
- Spread through removable drives
- Uninstall
- Update C&C server list
- Upload files
Currently, the Shylock detection ratio is zero, which shows its power with advance features. According to a map showing the distribution of Shylock infections that was published by CSIS, there’s a high concentration of victims in the UK. However, there are also many Shylock-infected computers throughout mainland Europe and the US.
email