Thursday, November 29, 2012

Shylock Trojan Detects & Avoids Remote Desktop Connections

Shylock Banking TrojanIf you were hoping to study the latest variant of the Shylock Trojan via remote desktop connection, you’re out of luck.

Trusteer researchers discovered that Shylock is now capable of detecting remote desktop environments, which are commonly used by security researchers to analyze malware samples.

Shylock identifies remote desktop environments by “feeding invalid data into a certain routine and then observing the error code returned.” If the error code doesn't match ones expected from a normal desktop, Shylock won’t install.

Trusteer noted that it is possible to use this method to identify other known or proprietary virtual/sandbox environments.

Shylock’s new evasion technique will make it difficult for security researchers to study the malware and antivirus vendors to update detection signatures.

Of course, it is always better for users to take a proactive approach vs. reactive when it comes to malware, especially if its financial data-stealing malware like Shylock.

Being that Shylock often infects PCs via drive-by-download attacks and phishing emails, users are urged to:

  • Keep their operating system & third-party software patched and up-to-date.

  • Avoid clicking links or downloading files attached to emails from unknown/untrusted sources.

  • Always run antivirus that runs real-time scanning.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment