New financial malware attacks global financial institutions
Posted on 07.09.2011
Trusteer warned that a second non-financial malware variant called Shylock has been retrofitted with fraud capabilities and is abusing its large installed base of infected machines to attack global financial institutions.


Unlike the non-financial malware Ramnit which turned into a fraud platform, Shylock doesn’t incorporate tactics from the infamous Zeus Trojan.

It appears criminals have custom developed financial fraud capabilities for Shylock.

Shylock uses unique mechanisms not found in other financial malware toolkits, including:
  • An improved method for injecting code into additional browser processes to take control of the victim’s computer
  • A better evasion technique to prevent malware scanners from detecting its presence
  • A sophisticated watchdog service that allows it to resist removal attempts and restore operations.
"As with all financial fraud toolkits, Shylock’s detection rate among anti-malware solutions and fraud detection systems is extremely low," said Amit Klein Trusteer’s CTO. "The ability of cyber criminals to develop, distribute, and operate new tools under the radar of the industry is troubling. Enterprises and individuals continue to rely on security architectures that were designed 20 years ago and have limited value in protecting their critical assets against cybercrime attacks."





Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //