Wednesday, August 8, 2012

Shylock Trojan Swaps Bank's Number with Attacker's on Bank Websites

Bank IconWhoever is behind the Shylock Trojan is a big fan of chatting.

In February, Trusteer researchers discovered a configuration of the financial data stealing malware that used advanced web injection tactics to start live chat sessions between cybercriminals and their victims. This allowed fraudsters to obtain whatever information they wanted from targets in real-time.

Now Symantec researchers have stumbled upon a new variant of the Shylock Trojan that strives to spark up a conversation between victim and attacker by manipulating the bank’s contact information online, replacing the bank’s telephone number with the attacker’s.

Shylock Trojan Injects Fake Numbers on Bank Website
Photo Credit: Symantec

The numbers used by the attackers are disposable numbers, which can be easily created online. Hopefully anyone that’s presented with an injected fake telephone number gets the same results as Symantec researchers when they attempted to call: The first fake number Symantec researchers dialed instructed them to call a second number, and that second number rang without answer.

Despite not being able to reach the attackers, Symantec believes that the fake phone numbers are used by the bad guys to collect sensitive login or financial details from their victims and/or attempt to keep them from notifying their bank of any account issues.

The Shylock Trojan is said to target U.K. online banking websites, although their detection heat map (shown below) shows that the malware is present in other parts of the world.

Shylock Trojan Infection Heat Map
Photo Credit: Symantec

Protecting Your PC from Shylock

To minimize the chances of a Shylock Trojan infection, users are advised to:

  • Keep their operating system and installed software (especially Adobe Flash, PDF Reader and Java) fully patched and up-to-date.

  • Run antivirus software and keep the virus definitions current.

  • Exercise caution when browsing the web (that means no falling for social media scams or fake Adobe Flash updates) and checking email (no downloading files attached to emails from unknown sources).

[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment