Skip to main content

Shylock Trojan targets 24 banks

By

Two-dozen US and European banks have been targeted by the Shylock Trojan.

Shylock avoids detection as it injects itself into legitimate processes.
Shylock avoids detection as it injects itself into legitimate processes.
Twenty-four banks across Europe and the US have recently been targeted by Shylock – aka Capshaw –financial malware that has actively been going after bank accounts since 2011.
The countries with the highest number of infections are the UK, Italy, Denmark and Turkey.
Sachin Deodhar and Chris Mannon, researchers from Zscaler's ThreatLabZ, have reported this upswing in activity, but say they are currently unable to identify the initial infection vector.
"We can tell that it is more than likely arriving as part of an exploit kit honing in on vulnerable versions of Java. The reason we suspect this is that the user-agent for every single transaction that has come through our Behavioral Analysis solution has been: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07."
Shylock avoids detection as it injects itself into legitimate processes; for example, explorer.exe or iexplore.exe. At the same time, it obfuscates its phone home traffic by employing a domain-generated algorithm (DGA) to create addresses using self-signed SSL certificates.
In this way, a traditional network monitoring solution's ability to dissect the packets on the wire for any malicious transactions is limited.
The use of DGA in malware is not new. These algorithms are used by other malware families to periodically generate a large number of domain names that can be used as rendezvous points with their controllers.

The victims

Bank of Scotland
Barclays Bank
First Direct
Santander Direkt Bank AG
First Citizens Bank
Bank of America
Bank of the West
Sovereign Bank
Co-operative Bank
Capital One Financial
Chase Manhattan
Citi Private Bank
Comerica Bank
E*Trade Financial
Harris Bank
Intesa Sanpaolo
Regions Bank
SunTrust
Bank of Ireland Group Treasury
US Bancorp
Banco Mercantil, SA
Varazdinska Banka
Wintrust Financial
Wells Fargo Bank
The myriad points makes it extremely hard for law enforcement to effectively shut down botnets since infected machines will try to contact some of these domain names every day to receive updates or commands.
Notorious malware families and botnets, such as PushDo, Zeus and TDL/TDSS, also employ DGA to target financial institutions, and carry out targeted attacks.
Preventing infection
John McLoughlin, MD of J2 Software, which distributes Zscaler locally, says cyber criminals go to great lengths to create malware that scam users more effectively. "However, many of these threats are just tweaked updates of old ones, with added functionality. With the right protection and a little savvy, users can avoid just about all threats out there."
He advises users to always make sure their devices are updated and secure, with a good anti-malware product. "Be sceptical of random pop-up windows, error messages and attachments. Even mails from trusted sources that don't seem quite right. Get rid of spam – identify spam, and mark it as such to avoid getting more in the future."
Also, McLoughlin says to think before installing new software. "Make sure any software you want to install is legit, and don't download from a source you don't trust 100%. Use common sense – behave online as you do in real life. Trust your instincts."
Labels:

Comments

Post a Comment

Popular posts from this blog

DO YOU WANT TO BECOME A MASON IN NIGERIA

By
 After all i have said about this fraternity if you are still interested in becoming a mason there are just simply ways in which you can do that, but inspite of my post i am neither encouraging nor discouraging you all i am doing is just to let you know more about this frat and there's more to come about those who have joined, the so called stars like jay-z, kanye west etc i guess its just 7 simple ways to join and off you go  Are there things you want to accomplish in your life? Are there ways you want to enrich yourself? Do you enjoy being with people you like and respect? As a Freemason, you’ll find friendship and fraternity. You’ll develop life skills like self-confidence, leadership, and effective communication. You’ll learn to work as part of a team  and to better yourself as you help others. Think about taking the first step into becoming a Mason. It is widely thought that one must be invited to become a Freemason or that Freemasonry is so exclusive as to be b...
240 comments
Read more

Police Introduce Biometric Vehicle Registration

By
The Police said the introduction of a new Biometric Central Motor Registration (BCMR) is designed to fight terrorism, Kidnapping and car theft in the country. Police force spokesman CSP Frank Mba made this known at a press briefing in Abuja yesterday. He said the registration take effect from Monday next week and would involve the registration processes of vehicles, tricycles and auto-bikes from the analogue to the new system. He argued that the decision informing the introduction of the new process was against the backdrop of contemporary security challenges bordering on terrorism, high incidence of car theft, carjacking, kidnappings and other crimes. Mba said unlike the analogue procedure, the new method operate on smart-cards and portable hand-held receiver and is a specially developed technological means of attaching automobile owner's unique traits and personal data to their vehicles for proper identification and protection purposes. He said the new system is d...
Post a Comment
Read more