Shylock Trojan … no merchant of Venice

by Martin Quinn (Principal Consultant) 3 April 2013

This week’s blog is a real doozie. Out in the wild west that is the internet, a nasty piece of software (malware) is being circulated by organised crime. What makes this software unique is that it doesn’t hijack your browser or break in using email or a nefarious attachment, and it doesn’t pose as a carbon copy of your favourite social media website, lying in wait for you to enter your username and password. This sneaky piece of software comes to you via Skype.

The Shylock Trojan distributes itself via Skype: it sends itself as a file, bypasses any warnings generated by Skype by confirming itself, and cleans up any alerts or messages from the Skype history. Nasty stuff, but that’s just the half of it. It’s designed to target your home banking accounts and deliver this information to the command and control machine when it phones home. It hides this in plain view by sending initial information out over HTTPS and then setting up a VNC listener to receive commands. Once installed, your machine becomes a zombie in a botnet and attempts to recruit others in your immediate network and your Skype network.

Shylock only seems to be really active in a few parts of the world, with the epicentre primarily located in the UK. However, with the internet having no borders, this doesn’t bode well for expats located in Australia. Shylock is one of the most advanced Trojan-banker pieces of malware currently being used in attacks against home banking systems, with the code constantly being updated and new features being added regularly. This makes the malware particularly slippery, as antivirus detection is low due to the software signature changing so rapidly.

So what is this week’s takeaway?

Ask yourself, is Skype justified for use as a business application?

If not, then remove it from your business’s network.

If so, then ensure that file transfer is disabled (done through registry settings).
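Here is one way to check and apply that registry setting with PowerShell. This is an added example, not part of the original post; the policy path and the `DisableFileTransferPolicy` value name are taken from Skype's IT administrator guide for the classic Windows desktop client, not from this article, so confirm them against the client version you actually run. The function names are hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: policy path and value name follow Skype's IT administrator guide
# for the classic Windows desktop client; verify against your deployed version.
$PolicySubKey = 'Software\Policies\Skype\Phone'
$ValueName    = 'DisableFileTransferPolicy'

function Get-SkypeFileTransferPolicy {
    # Report the policy value in the machine and user hives. $null means "not set".
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$PolicySubKey"
        $value = $null
        if (Test-Path $path) {
            $item  = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
            if ($item) { $value = $item.$ValueName }
        }
        [pscustomobject]@{
            Hive     = $hive
            Path     = $path
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Set-SkypeFileTransferDisabled {
    # Machine-wide setting, so this needs an elevated session.
    $path = "HKLM:\$PolicySubKey"
    if (-not (Test-Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    New-ItemProperty -Path $path -Name $ValueName -Value 1 -PropertyType DWord -Force | Out-Null
}

# Audit first, enforce only if the machine-wide policy is missing or off, then re-audit.
$machine = Get-SkypeFileTransferPolicy | Where-Object { $_.Hive -eq 'HKLM' }
if (-not $machine.Disabled) {
    Set-SkypeFileTransferDisabled
}
Get-SkypeFileTransferPolicy | Format-Table -AutoSize
```

On a domain, the same value is better pushed through Group Policy registry preferences so that it is reapplied if a user or installer changes it.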

If you believe you may have fallen victim to an attack, contact Intact Security for an obligation-free chat on 02 9227 8201.

Relax, your Security is Intact

Author: Intact Security
Posted on by Martin Quinn in Security Blog