UK’s NCA Disables Trojan Shylock

An effort at worldwide level, primarily by National Crime Agency of the UK, successfully terminated the Shylock malicious program that contaminated 30,000 or more Windows computers globally followed with stealing money from many people's accounts when they conducted Internet banking, published theguardian.com, July 10, 2014.

Global law enforcement agencies comprising Europol, the Federal Police of Germany and the FBI tracked and captured Shylock's command-and-control infrastructures. The malware's name follows from its code that has excerpts from the famous classical play, Merchant of Venice by Shakespeare.

GCHQ, the intelligence agency of UK, too participated during the investigation of the online crooks' activity.

Worldwide cyber cops who came together during 9-10 July 2014 within EC3 (European Cyber Crime Center) situated in The Hague (Netherlands) based Europol also closed the websites utilized for regulating the malware.

Deputy Director Andy Archibald of the National Cyber Crime Department of NCA stated that the above activity's progression was aimed at making an enormous impact on Shylock's C&C servers that showed the manner in which the Department utilized partnerships between nations and sectors for mitigating cyber-crime affecting United Kingdom. Bbc.com reported this, July 10, 2014.

There's another name of Shylock viz. Caphaw. As per Europol, Shylock's/Caphaw's presence continues from 2011 during when it victimized most users within UK; however, its contamination occurred within Italy, Turkey, Denmark and US also.

The Trojan is normally delivered through drive-by download or spam assaults. Once on a PC, it attacks browser processes for sniffing activities of the user. If that user visits a targeted financial online site, the Trojan inserts HTML code along with JavaScript inside web-pages for so duping him that he'd give away personal details. Shylock records videos and seizes screenshots too.

Moreover, for concealing its track, Shylock's perpetrators utilize DGA (domain generation algorithm) that also helps in transmitting filched details to the remote perpetrators. This feature is characteristic of malware like TDL/TDSS, Zeus and PushDo as well. The DGA enables bypassing security detection, according to experts.

Meanwhile, NCA has urged end-users who don't get Windows update by default for visiting Microsoft's website to know more how to scan as well as eliminate the malware.

» SPAMfighter News - 7/21/2014