
New Variant of Shylock Banking Malware Spread via Skype


Monday, January 21, 2013
Contributed By:
Pierluigi Paganini


(Translated from the original Italian)

The news is very concerning: a new variant of the banking malware known as Shylock has been detected, and it includes the capability to spread over Skype.

Shylock is an old acquaintance of the security community. The malware was detected for the first time in 2011 by experts from the firm Trusteer; it is used to steal banking credentials from its victims and is considered one of the most insidious cyber threats for banking.

The first version of the malware demonstrated an improved methodology for injecting code into the browser to remotely control the victim and an improved evasion technique to prevent detection by common antivirus software.

Curiously, as for the origin of the malware's name, Shylock is the money lender in Shakespeare's opera The Merchant of Venice.

Like many other malware (e.g. Zeus), it has been updated over time; in many cases the provisioning of malware has been done through the malware-as-a-service model adopted by the author to implement various requests of the clients.

The news has been published by researchers from CSIS Security Group, who revealed that the authors of the malware have implemented a plugin named "msg.gsm" that allows the code to spread through the popular VoIP client, including the following functionality:

  • Sending messages and transferring files
  • Cleaning messages and transfers from Skype history (using SQLite access to Skype%smain.db)
  • Bypassing the Skype warning/restriction for connecting to Skype (using "findwindow" and "postmessage")
  • Sending a request to the server: https://a[removed]s.su/tool/skype.php?action=...

 

Full Article

 

TH



Re: New Variant of Shylock Banking Malware Spread via Skype

I do not use Skype much at all, so currently this will not affect me. However, I can see how this should be a major concern for all Skype users, and I imagine that Shylock (or some variant) will spread further through a different method.
___________________________________________________________
Corey B.
Protected by Webroot



Re: New Variant of Shylock Banking Malware Spread via Skype

Thanks TH for posting. Good read. :smileywink:

 

Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype

I guess this nasty malware will spread over the social networks very soon. I hate all this Facebook, Twitter, Google+, Skype included.

Sr. Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype


pegas wrote:

I guess this nasty malware will spread over the social networks very soon. I hate all this Facebook, Twitter, Google+, Skype included.


I agree with you on that. :smileywink:

 

Expert Advisor

Threat Researcher

Re: New Variant of Shylock Banking Malware Spread via Skype


Chat clients have long been a popular attack vector for malware authors, and with Microsoft moving from Messenger to Skype we can expect to see more malware using Skype to spread.

Webroot Threat Research

Re: New Variant of Shylock Banking Malware Spread via Skype

You know, a lot of elderly people use Skype to communicate with their families. I can see where these folks, who do not know much at all about computer security, can get in trouble. Many of them use their computer to Skype with family, and check on their bank and other financial accounts.

 

Big business for the bad guys.

___________________________________________________________
Corey B.
Protected by Webroot



Re: New Variant of Shylock Banking Malware Spread via Skype

Skype came pre-installed on our Toshiba Satellite laptop that my wife uses. That was one of the many pre-installed programs I uninstalled.

 

 

Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype


ProTruckDriver wrote:

Skype came pre-installed on our Toshiba Satellite laptop that my wife uses. That was one of the many pre-installed programs I uninstalled.

 


While you can uninstall Skype and other similar programs from a Microsoft OS, you can't do that on Android devices unless the device is rooted, which is a shame. I have Facebook, Twitter and others preinstalled on my Android device, but I can't uninstall them due to the said restriction.

Sr. Expert Advisor


Re: New Variant of Shylock Banking Malware Spread via Skype

As my tagline states... I am here to learn.  So... that means time for what may be a stupid question for some of you.

 

How is the transmission of this obtained in Skype?  Is it able to infect simply by communicating with an infected user, or does it need to be transmitted as part of a link/image/file?


David, (shorTcircuiT)

      




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"
