New financial malware attacks global financial institutions
Posted on 07.09.2011
Trusteer warned that a second non-financial malware variant called Shylock has been retrofitted with fraud capabilities and is abusing its large installed base of infected machines to attack global financial institutions.


Unlike the non-financial malware Ramnit which turned into a fraud platform, Shylock doesn’t incorporate tactics from the infamous Zeus Trojan.

It appears criminals have custom developed financial fraud capabilities for Shylock.

Shylock uses unique mechanisms not found in other financial malware toolkits, including:
  • An improved method for injecting code into additional browser processes to take control of the victim’s computer
  • A better evasion technique to prevent malware scanners from detecting its presence
  • A sophisticated watchdog service that allows it to resist removal attempts and restore operations.
"As with all financial fraud toolkits, Shylock’s detection rate among anti-malware solutions and fraud detection systems is extremely low," said Amit Klein Trusteer’s CTO. "The ability of cyber criminals to develop, distribute, and operate new tools under the radar of the industry is troubling. Enterprises and individuals continue to rely on security architectures that were designed 20 years ago and have limited value in protecting their critical assets against cybercrime attacks."





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //