Demystifying the Shylock Trojan


Last week we heard that yet another cybercrime campaign has been disrupted by an alliance of law enforcement and industry bodies. This comes just a few weeks after police were able to take down the infrastructure behind the GameOver Zeus botnet. This latest operation involved measures against the Internet domains and servers that form the core of an advanced cybercriminal infrastructure that used the Shylock banking Trojan to attack online banking systems around the globe.

But what is Shylock and how does it affect you?

Shylock - so-called because its code contains excerpts from Shakespeare's The Merchant of Venice - is a banking Trojan. Like Zeus, SpyEye, Carberp and other similar malware, Shylock is designed to steal online banking credentials from the PCs of its victims. It does this by injecting fake data entry fields into the web page loaded in the victim's browser - a so-called 'man-in-the-browser' attack. Victims are typically tricked into running the malware by clicking on malicious links. Shylock then seeks to access funds held in business or personal bank accounts, and transfers them to accounts under the control of the attackers. Shylock first appeared in 2011, aimed mainly at victims in the UK, but subsequently spread to other countries within Europe and to the United States. You can find more information, including data on the spread of the malware, here.
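
The field injection described above can be detected by comparing the form a browser actually renders with the fields the genuine page is known to contain. The following is an added example, not code from the original article; the form id, baseline field names and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed baseline (assumption): fields the genuine login form contains.
EXPECTED_FIELDS = {"login": {"username", "password", "csrf_token"}}


class FormFieldCollector(HTMLParser):
    """Collects the names of data-entry fields inside each <form>, keyed by form id."""

    def __init__(self):
        super().__init__()
        self.forms = {}
        self._current = None  # id of the form being parsed, or None outside a form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("id") or ""
            self.forms.setdefault(self._current, set())
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self.forms[self._current].add(a.get("name") or a.get("id") or "<unnamed>")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def unexpected_fields(html, expected=EXPECTED_FIELDS):
    """Return {form_id: sorted field names} for fields absent from the baseline."""
    collector = FormFieldCollector()
    collector.feed(html)
    findings = {}
    for form_id, names in collector.forms.items():
        # A form missing from the baseline has every field reported.
        extra = names - expected.get(form_id, set())
        if extra:
            findings[form_id] = sorted(extra)
    return findings


# Constructed samples: the page as served, and the same page with extra fields added.
CLEAN_PAGE = ('<form id="login"><input name="username">'
              '<input type="password" name="password">'
              '<input type="hidden" name="csrf_token" value="x"></form>')
TAMPERED_PAGE = CLEAN_PAGE.replace(
    "</form>", '<input name="card_pin"><input name="mothers_maiden_name"></form>')

if __name__ == "__main__":
    print(unexpected_fields(CLEAN_PAGE))
    print(unexpected_fields(TAMPERED_PAGE))
```

A real login page asking for details it has never requested before, such as a card PIN, is the visible sign of the same mismatch.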

All banking Trojans, Shylock included, target bank customers, hoping to take advantage of what is often the least protected element of any financial transaction - i.e. the human. So it's really important to secure yourself and your PC, to keep your money as safe as possible.

Top tips on staying safe when banking online

  • Protect all your computers using Internet security software.
  • If your Internet security software offers a mechanism for securing banking transactions (such as the Safe Money feature in Kaspersky Internet Security), use it for all sensitive online transactions.
  • Apply security patches to your operating system and applications as soon as they are released - don't put it off!
  • Don't click on links or attachments in unsolicited messages - it's always better to type a URL directly into your browser, to avoid the risk of being taken to a phishing site.
  • Use a unique, complex password. This means one that mixes letters, numbers and special characters; that is at least eight characters - ideally 15; and one that doesn't use personal information (such as a spouse's name) or words found in a dictionary.
  • Keep an eye on your account for any suspicious activity; and alert the bank immediately if you see anything you can't account for.