Police, security firms team up and take down Shylock malware

Summary: The notorious Shylock, a dangerous financial Trojan, has been disrupted due to the efforts of police and security experts.


International law enforcement and security experts have disrupted the activities of the financial Trojan Shylock, according to the UK National Crime Agency (NCA).

Announced on Thursday, the global takedown was led by the NCA alongside the FBI, Europol, Dell SecureWorks, GCHQ, Kaspersky Lab and other security firms. The groups "jointly addressed" the Shylock Trojan, seizing the Command and Control (C&C) servers — which relay instructions to the malware — in a series of stings, as well as taking control of the domains Shylock uses for communication between infected computers.

Shylock is so called because the malicious code contains excerpts from Shakespeare’s Merchant of Venice. Security experts at Symantec say that the Trojan is "seen as one of the world's most dangerous financial Trojans" as it is designed to intercept banking transactions conducted online and steal victims' credentials in the process.

More advanced than other banking Trojans, Shylock has a targeted distribution network that allows the cyberattackers to infect victims through multiple channels, and the Trojan has been continuously updated in response to countermeasures set by targeted banks. In addition, the malware is modular, allowing criminals to change its functionality quickly and easily.

Shylock is privately owned and has not been seen for sale in underground markets.

The stings were conducted from the European Cybercrime Centre (EC3) at Europol in The Hague, and investigators worldwide from the NCA, FBI, the Netherlands, Turkey and Italy coordinated action in their respective countries, acting at the same time as counterparts in Germany, Poland and France.

Symantec estimates that the cybercriminals behind Shylock have stolen a million dollars from victims over the past three years, with over 60,000 infections being detected in the past year alone. The NCA estimates that Shylock has infected at least 30,000 Windows computers worldwide, with the UK targeted more than any other country.

Symantec's estimates for Shylock's geographical targeting are shown below.


Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, said:

The European Cybercrime Centre is very happy about this operation against sophisticated malware, playing a crucial role in the work to take down the criminal infrastructure. [..] We have been able to support frontline cyber investigators, coordinated by the UK's NCA, and working with the physical presence of the United States' FBI and colleagues from Italy, Turkey and the Netherlands, with virtual links to cyber units in Germany, France and Poland.


About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales.
