Shylock banking Trojan spreads via Skype

News by Dan Raywood

A UK-specific banking Trojan is now able to spread via Skype.

A UK-specific banking Trojan is now able to spread via Skype.

According to research by Danish security firm CSIS Shylock can now be spread via Skype as a link can be sent via an infected user. Peter Kruse, partner and security specialist at CSIS, told SC Magazine that if a Skype user and friend of the infected host decides to click on the link, it either serves up the binary directly or tries to exploit vulnerabilities in third party software.

The CSIS research said that the main number of infections are in the UK and as this method of infection relies on the user's connections, the Skype replication is implemented with a plug-in called ‘msg.gsm' that allows the plug-in's code to spread through Skype. It allows: sending messages and transferring files; cleaning messages and transferring from Skype history; bypassing Skype warnings/restrictions for connecting to Skype; and sending a request to a server.

First spotted last August, Symantec deemed Shylock to be a Trojan horse that opens a backdoor on the compromised computer and attempts to steal potentially confidential information. A Virus Total search showed no detections from 46 anti-virus vendors.

Kruse said: “Shylock is one of the most advanced Trojan-bankers currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly.”

He also speculated on the size of the impact, with Microsoft recently announcing that it is discontinuing its Messenger service and replacing it with Skype.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews