Shylock Banking Malware Modified to Spread through Skype, says CSIS

The updated Shylock home banking malware has been modified with novel functionality that permit it to disperse instantly via a well-known Skype voice-over-IP and instantaneous messaging client, as per CSIS Security Group, a Denmark-based IT security firm.

Shylock, a Trojan program is named on the character from Shakespeare's "The Merchant of Venice" in 2011. The Trojan is enabled to grab online banking information and other financial details from compromised computers.

According to the CSIS Security Researchers, the malware's new Skype-related functionality was supplementary and was in the form of a plug-in known as "msg.gsm."

This plug-in permits the code to multiply via Skype and adds the following functionality: firstly, conveying messages and shifting the files. Secondly, the plug-in also cleans messages and sends it from the history of Skype (using sql-lite access to Skype%smain.db). Thirdly, bypass Skype warning/restriction for linking to Skype (using "find window" and "post message"), and sends request to servers: https:// a<removed>s.su/tool/skype.php?action=...," as per the CSIS evaluation.

The recent Shylock malware also contain some other additional features, such as the capability to disperse through network shares and USB drives. The attacker behind the malware has the ability to enact a number of functions once he's on the compromised machine, containing grabbing cookies, injecting malicious code into the site and downloading and running files.

The Shylock authors seem to aim users from various corners of the world. According to the map displaying the dispersal of Shylock infections that was reported by CSIS, a high concentration of victims are exhibited from the U.K. Nevertheless, there are also various Shylock-infected computers around Mainland Europe and the US.

Security vendors have already initiated advancing anti-virus products with new definition for this form of the Shylock malware to ensure uncompromised user's security.

Microsoft, in the meantime, continues the windows live messenger-Skype transition, which it announced latently, with users inspired to transfer to the VoIP platform before March 15, 2013. WLM will go offline during this time. In fact, offer on its messenger and substitute of it with Skype might have been a reason urging the attention of the unfamiliar cyber crooks behind the malware into forming further components that permit their formation to disperse via Skype chat, speculates CSIS.

Related article: Sales Lost in E-commerce Due to Security Anxiety

» SPAMfighter News - 1/28/2013