Trojan.Shylock
Posted: October 6, 2011
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 11 |
| First Seen: | October 6, 2011 |
| OS(es) Affected: | Windows |
Trojan.Shylock is a banking Trojan that attempts to steal information associated with bank accounts based in the United Kingdom. Like Trojan.Tatanarg – a similar form of spyware – Trojan.Shylock uses man-in-the-middle (also known as MITM, man-in-the-browser or MITB) attacks to compromise normally secure information transactions with your bank's website. However, what caused SpywareRemove.com malware researchers to raise their eyebrows was Trojan.Shylock's incorporation of a live chat interface in these attacks, which can potentially allow criminals to gather more information via personal interaction. Although Trojan.Shylock's distribution levels are low, the potential damage of Trojan.Shylock's payload can include a compromised bank account, and UK-based PC users are advised to take particular care against possible Trojan.Shylock attacks and infection vectors. Despite its danger, Trojan.Shylock can be deleted by standard anti-malware products without notable difficulties.
When Bank Security Turns Against You with a Little Help from Trojan.Shylock
Although the web page-altering attacks that Trojan.Shylock uses are common among other banking Trojans, Trojan.Shylock is unique in how it turns these attacks to its own benefit. Once Trojan.Shylock detects that you're attempting to access a United Kingdom bank's website, you'll be shown a fake message claiming that 'The system couldn't identify your PC.' Trojan.Shylock will then claim that a representative of the bank will contact you via live chat to confirm your identity. However, this is just an unusually involved method of allowing the criminals behind Trojan.Shylock to steal additional confidential information about your bank account.
Other JavaScript-based injection attacks by Trojan.Shylock can also alter the contact information for these sites by inserting phone numbers associated with said criminals. Because these phone numbers are disposable and appear to have a rapid turnover rate, it's very likely that attempts to contact them will be forwarded to a different number or get no response at all. Like most types of banking Trojans, Trojan.Shylock is designed to avoid any unnecessary symptoms and can even bypass SSL protocol security while making this security measure look like it's still enabled. Accordingly, the SpywareRemove.com malware research team recommends using anti-malware programs to detect any potential Trojan.Shylock infection whenever it's necessary.
Guarding Your Fiscal Credentials Against Trojan.Shylock's Thievery
Trojan.Shylock uses rootkit features to conceal itself along with a randomized name and location. Therefore, attempts to isolate and delete Trojan.Shylock should always use anti-malware software unless a PC security professional deems otherwise. Trojan.Shylock may be focused on UK banks, but its distribution has also spread significantly throughout Canada and the United States, and PC users in any of these regions should consider themselves vulnerable to potential Trojan.Shylock attacks.
Trojan.Shylock is a Windows-specific Trojan that affects most versions of the platform, from Windows 95 to Windows 7, although other operating systems are, for the moment, safe from Trojan.Shylock. Even though Trojan.Shylock's current distribution is low, and its removal isn't very challenging for anti-malware programs, the potential damage that Trojan.Shylock can cause to your bank account makes SpywareRemove.com malware analysts rate Trojan.Shylock as a midlevel threat if Trojan.Shylock actually is infecting your computer.
Technical Details
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[GATHERED SYSTEM INFORMATION IN UUID FORMAT]" = "[PATH TO THE TROJAN]"
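The Run-key entry above gives defenders a concrete pattern to hunt for. The following is an added example, not code from SpywareRemove.com or SpyHunter: it parses saved `reg query` output and flags values under that key whose name is UUID-shaped. Reading "UUID format" as 8-4-4-4-12 hex with optional braces is an assumption, and the sample output is constructed.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Assumption: "UUID format" means 8-4-4-4-12 hex digits, braces optional.
UUID_NAME = re.compile(
    r"^\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?$",
    re.IGNORECASE,
)
# `reg query` prints a value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$"
)

def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key header starts a section
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"]

def suspicious_run_values(text):
    """Return values under the HKCU Run key whose name is UUID-shaped."""
    return [
        {"key": key, "name": name, "data": data}
        for key, name, _type, data in parse_reg_query(text)
        if key.lower() == RUN_KEY.lower() and UUID_NAME.match(name)
    ]

# Constructed sample output; names, GUID and paths are illustrative only.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Chat Client    REG_SZ    C:\Program Files\Chat\chat.exe
    {3F2504E0-4F89-11D3-9A0C-0305E82C3301}    REG_SZ    C:\Users\alice\AppData\Roaming\qzvk\wlrmn.exe

HKEY_CURRENT_USER\Software\Example
    {3F2504E0-4F89-11D3-9A0C-0305E82C3301}    REG_SZ    unrelated
"""

if __name__ == "__main__":
    for hit in suspicious_run_values(SAMPLE):
        print(f'{hit["key"]}\\{hit["name"]} -> {hit["data"]}')
```

A match is a lead for further triage, not a verdict. Because the page says Trojan.Shylock uses rootkit features to conceal itself, output captured on the live system may be incomplete, so an export taken from an offline copy of the user hive is the more trustworthy input.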