Police, security firms team up and take down Shylock malware

Police, security firms team up and take down Shylock malware

Summary: The notorious Shylock, a dangerous financial Trojan, has been disrupted due to the efforts of police and security experts.

TOPICS: Security, Symantec

International law enforcement and security experts have disrupted the activities of the financial Trojan Shylock, according to the UK National Crime Agency (NCA).

Announced on Thursday, the global takedown was led by the NCA alongside the FBI, Europol, Dell SecureWorks, GCHQ, Kaspersky Lab and other security firms. The groups "jointly addressed" the Shylock Trojan, seizing the Command and Control (C&C) servers — which relay instructions to the malware — in a series of stings, as well as taking control of the domains Shylock uses for communication between infected computers.

Shylock is so called because the malicious code contains excerpts from Shakespeare’s Merchant of Venice. Security experts at Symantec say that the Trojan is "seen as one of the world's most dangerous financial Trojans" as it is designed to intercept banking transactions conducted online and lifts victim credentials as a result.

More advanced than other banking Trojans, Shylock has a targeted distribution network that allows the cyberattackers to infect victims through multiple channels, and the Trojan has been continuously updated in response to countermeasures set by targeted banks. In addition, the malware is modular, allowing criminals to change its functionality quickly and easily.

Shylock is privately owned and has not been seen for sale in underground markets.

The stings were conducted from the European Cybercrime Centre (EC3) at Europol in The Hague, and investigators worldwide from the NCA, FBI, the Netherlands, Turkey and Italy coordinated action in their respective countries, acting at the same time as counterparts in Germany, Poland and France.

Symantec estimates that the cybercriminals behind Shylock have stolen a million dollars from victims over the past three years, with over 60,000 infections being detected in the past year alone. The NCA predicts that Shylock has infected at least 30,000 Windows computers worldwide, with the UK targeted more than any other country.

Symantec's estimates for Shylock's geographical targeting is shown below.

Screen Shot 2014-07-11 at 11.38.50

Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, said:

The European Cybercrime Centre is very happy about this operation against sophisticated malware, playing a crucial role in the work to take down the criminal infrastructure. [..] We have been able to support frontline cyber investigators, coordinated by the UK's NCA, and working with the physical presence of the United States' FBI and colleagues from Italy, Turkey and the Netherlands, with virtual links to cyber units in Germany, France and Poland.

Topics: Security, Symantec

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Hmmm...

    Not saying it shouldn't be dealt with, but a million dollars over three years doesn't sound like much.
  • Hmmm...

    Not saying it shouldn't be dealt with, but a million dollars over three years doesn't sound like much.
  • enough

    I agree. A million world wide doesn't seem like much but if they didn't deal with it I imagine it might have skyrocketed. I wish law enforcement agencies would take a harder stand on online crimes. There is no difference between someone stealing online, someone pickpocketing you, breaking into your locker and taking your wallet and other valuables, etc. A thief is a thief.