Skip to main content

Shylock Trojan targets 24 banks

By

Two-dozen US and European banks have been targeted by the Shylock Trojan.

Shylock avoids detection as it injects itself into legitimate processes.
Shylock avoids detection as it injects itself into legitimate processes.
Twenty-four banks across Europe and the US have recently been targeted by Shylock – aka Capshaw –financial malware that has actively been going after bank accounts since 2011.
The countries with the highest number of infections are the UK, Italy, Denmark and Turkey.
Sachin Deodhar and Chris Mannon, researchers from Zscaler's ThreatLabZ, have reported this upswing in activity, but say they are currently unable to identify the initial infection vector.
"We can tell that it is more than likely arriving as part of an exploit kit honing in on vulnerable versions of Java. The reason we suspect this is that the user-agent for every single transaction that has come through our Behavioral Analysis solution has been: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07."
Shylock avoids detection as it injects itself into legitimate processes; for example, explorer.exe or iexplore.exe. At the same time, it obfuscates its phone home traffic by employing a domain-generated algorithm (DGA) to create addresses using self-signed SSL certificates.
In this way, a traditional network monitoring solution's ability to dissect the packets on the wire for any malicious transactions is limited.
The use of DGA in malware is not new. These algorithms are used by other malware families to periodically generate a large number of domain names that can be used as rendezvous points with their controllers.

The victims

Bank of Scotland
Barclays Bank
First Direct
Santander Direkt Bank AG
First Citizens Bank
Bank of America
Bank of the West
Sovereign Bank
Co-operative Bank
Capital One Financial
Chase Manhattan
Citi Private Bank
Comerica Bank
E*Trade Financial
Harris Bank
Intesa Sanpaolo
Regions Bank
SunTrust
Bank of Ireland Group Treasury
US Bancorp
Banco Mercantil, SA
Varazdinska Banka
Wintrust Financial
Wells Fargo Bank
The myriad points makes it extremely hard for law enforcement to effectively shut down botnets since infected machines will try to contact some of these domain names every day to receive updates or commands.
Notorious malware families and botnets, such as PushDo, Zeus and TDL/TDSS, also employ DGA to target financial institutions, and carry out targeted attacks.
Preventing infection
John McLoughlin, MD of J2 Software, which distributes Zscaler locally, says cyber criminals go to great lengths to create malware that scam users more effectively. "However, many of these threats are just tweaked updates of old ones, with added functionality. With the right protection and a little savvy, users can avoid just about all threats out there."
He advises users to always make sure their devices are updated and secure, with a good anti-malware product. "Be sceptical of random pop-up windows, error messages and attachments. Even mails from trusted sources that don't seem quite right. Get rid of spam – identify spam, and mark it as such to avoid getting more in the future."
Also, McLoughlin says to think before installing new software. "Make sure any software you want to install is legit, and don't download from a source you don't trust 100%. Use common sense – behave online as you do in real life. Trust your instincts."
Labels:

Comments

Post a Comment

Popular posts from this blog

DO YOU WANT TO BECOME A MASON IN NIGERIA

By
 After all i have said about this fraternity if you are still interested in becoming a mason there are just simply ways in which you can do that, but inspite of my post i am neither encouraging nor discouraging you all i am doing is just to let you know more about this frat and there's more to come about those who have joined, the so called stars like jay-z, kanye west etc i guess its just 7 simple ways to join and off you go  Are there things you want to accomplish in your life? Are there ways you want to enrich yourself? Do you enjoy being with people you like and respect? As a Freemason, you’ll find friendship and fraternity. You’ll develop life skills like self-confidence, leadership, and effective communication. You’ll learn to work as part of a team  and to better yourself as you help others. Think about taking the first step into becoming a Mason. It is widely thought that one must be invited to become a Freemason or that Freemasonry is so exclusive as to be beyond the
240 comments
Read more

13 Places You Should Visit In before the end of 2013

By
  Wikimedia Commons It's more than halfway through 2013 and even though the summer is winding down, there's still plenty of time to book a trip to a great destination. We looked at major developments, cultural trends, and global festivals to find the hottest places to travel around the world in 2013. There are vast untouched landscapes that offer incredible outdoor experiences, cities that are experiencing a cultural rebirth, and up-and-coming destinations that offer great deals and few tourists. London, England Since Kate Middleton gave birth to Prince George Alexander Louis last week , England has been in the national spotlight, and is expecting a tourism boost. But that's not the only reason to visit the UK right now. The 2012 Summer Olympics in London came and went, but many of the buildings, restaurants, hotels and venues that sprouted up to accommodate the hundreds of thousands of visitors who came for the Olympics still stand. Several new building
Post a Comment
Read more

Samsung reportedly close to releasing Glass competitor — and Google’s involved

By
This one is definitely a rumor, but its source is reliable enough to warrant a little speculation. Analyst and blogger  Eldar Murtazin  tweeted a rather definite message this week that Samsung is “developing [its] own version of Google Glass. We will see it (probably) around April – May under Gear Glass brand.” Given that Google’s own version of Glass is not expected to hit the mass market until early 2014, Samsung’s Glass competitor could very well race Google’s to market. That might seem like a nightmare for Google, which has invested heavily in Glass and is no doubt planning for a strong event launch, but as was pointed out in a CNet article, the use of the word “Glass” implies an official partnership. Samsung is known for its aggressive branding and Google would likely raise legal concerns regardless, so it’s unlikely the brand Gear Glass would be used without a partnership. Does Google even want to sell Glass, or does it just want you wearing face-screens? If Goog
Post a Comment
Read more