ID: IRCNE2013041816
Date: 2013-04-13
According to “ComputerWorldUK”, the prodigious Shylock man-in-the-browser (MitB) banking Trojan is still being upgraded as part of a campaign to migrate from its traditional targets in UK financial services to foreign ones, Symantec has reported.
Malware platforms are constantly evolving but the new Shylock modules wouldn't sound out of place on a high-end commercial software product.
These include a new DiskSpread utility that allows the Trojan to infect external and USB drives, a plug-in for scraping FTP and other passwords, and something called 'BackSocks' which turns the compromised PC into a proxy server.
Other features include Archiver, a utility for compressing video files so they can be more easily uploaded to a remote server, and a 'VNC' facility to give criminals a remote connection to the victim's computer.
There is even MsgSpread, an add-on that gives Shylock a way of spreading itself using Skype connections, a feature that was first noticed in January.
Shylock can also load balance, shifting incoming traffic from victims from server to server as demand dictates.
Importantly, from roughly last October onwards it started diversifying its aim towards Italy and the US.
"As some financial institutions become less desirable as targets, either due to increased security measures or a lack of high-value business accounts, Shylock is refocusing its attacks on those offering potentially larger returns," said Symantec.
- 6