Shylock Malware Resurges, Targets Top U.S. Banks


8 replies to this topic

#1 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • Gender:Male
  • Location:West Tennessee

Posted 20 September 2013 - 01:52 PM

The return of Shylock and other similar types of malware is a good reason to use a Linux Live Distro or install a Linux distro for use only for online banking.

Below copied from here: Shylock Malware Resurges, Targets Top U.S. Banks::Brought to you by TechWeb

...the Trojan application now targets customers of the four largest U.S. banks -- Chase Manhattan Corporation, Bank of America, Citi Private Bank and Wells Fargo -- as well as Bank of the West, Capital One, U.S. Bancorp and others...

...Shylock, which hides in Windows Explorer, can also hook itself to the operating system in a way that allows it to control the reboot/shutdown process and makes it possible for the malware to restore itself after some antivirus cleaning procedures have been carried out, Matrosov said...

...Zscaler ThreatLabZ security researchers Sachin Deodhar and Chris Mannon said in a blog post that "it is more than likely arriving as part of an exploit kit [homing] in on vulnerable versions of Java."...

According to the article, don't expect your security programs to protect you from this malware.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 20 September 2013 - 02:06 PM

Making my way to using Ubuntu completely if I can. Thanks for posting.

West TN?? I am Middle TN. :)


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 September 2013 - 03:48 PM

..."it is more than likely arriving as part of an exploit kit [homing] in on vulnerable versions of Java."...

Using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system. Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software.
- Why You don't need Java
- W3Techs usage statistics and market share data of Java on the web
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 buddy215

buddy215
  • Topic Starter

  • Moderator
  • 13,262 posts
  • Gender:Male
  • Location:West Tennessee

Posted 20 September 2013 - 04:38 PM

If you click on the link 'said in a blog post' you will see this:

At the time of research, we were unable to identify the initial infection vector. We can tell that it is more than likely arriving as part of an Exploit Kit honing in on vulnerable versions of Java. The reason we suspect this is that the User-Agent for every single transaction that has come through our Behavioral Analysis (BA) solution has been: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07.

The UserAgent for known drop locations of this are manipulating users with Java version 1.6.07

@ jeffce....most of what I do is online so it was easy for me to make the move to full time Ubuntu user for 4 years now. Though I do keep my Windows 7 updated. The downer is if you use 1 or more Windows platform only programs daily then I would not suggest switching unless you have more than one computer. Even dual booting...booting back and forth....would get old pretty quick.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
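The quoted Zscaler observation gives a defender one concrete, cheap signal: the Java plugin announces its exact version in the HTTP User-Agent (here "Java/1.6.0_07"), so outbound proxy logs reveal which hosts are still running an outdated Java build long before any banking Trojan shows up. The script below is an added example written for this thread; it is not code from BleepingComputer, Zscaler or the TechWeb article. The log line format (timestamp, client IP, method, URL, status, quoted User-Agent), the sample lines and the "minimum acceptable Java" baseline are all assumptions constructed for the example; adapt the regex and the baseline to your own proxy and patch policy.

```python
import re

# Constructed sample proxy log lines (not real traffic, not from the page).
# Assumed format: <timestamp> <client_ip> <method> <url> <status> "<User-Agent>"
SAMPLE_LOG = """\
2013-09-20T13:01:02Z 10.0.0.12 GET http://example.test/update.jar 200 "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07"
2013-09-20T13:01:09Z 10.0.0.15 GET http://example.test/index.html 200 "Mozilla/5.0 (Windows NT 6.1) Firefox/24.0"
2013-09-20T13:02:30Z 10.0.0.21 GET http://example.test/lib.jar 200 "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_40"
2013-09-20T13:03:11Z 10.0.0.12 GET http://example.test/b.jar 200 "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07"
2013-09-20T13:04:00Z 10.0.0.33 GET http://example.test/c.jar 200 "Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_45"
not a log line at all
"""

# One regex for the assumed log layout, one for the Java plugin's UA token.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d+) "(?P<ua>[^"]*)"$'
)
JAVA_UA_RE = re.compile(
    r'Java/(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:_(?P<update>\d+))?'
)

# Assumed baseline for the example: anything older than Java 7 Update 40 is
# flagged. A real deployment would take this from the current patch policy.
MIN_JAVA = (1, 7, 0, 40)


def parse_log_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def parse_java_version(user_agent):
    """Extract (major, minor, patch, update) from a Java UA, or None if absent."""
    m = JAVA_UA_RE.search(user_agent)
    if not m:
        return None
    return tuple(int(m.group(g) or 0) for g in ("major", "minor", "patch", "update"))


def find_outdated_java(log_text, minimum=MIN_JAVA):
    """Map each client IP whose Java UA is below `minimum` to (version, hit count).

    Tuples compare element-wise, so (1, 6, 0, 45) < (1, 7, 0, 40) as intended.
    Lines that do not parse, or carry no Java UA, are skipped.
    """
    findings = {}
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        version = parse_java_version(rec["ua"])
        if version is None or version >= minimum:
            continue
        prev_version, hits = findings.get(rec["ip"], (version, 0))
        # Keep the lowest version seen per host; count every matching request.
        findings[rec["ip"]] = (min(prev_version, version), hits + 1)
    return findings


def format_report(findings):
    """Render findings as one line per host, oldest version first."""
    lines = []
    for ip, (version, hits) in sorted(findings.items(), key=lambda kv: kv[1][0]):
        ver = "%d.%d.%d_%02d" % version
        lines.append("%s Java/%s (%d request(s)) - below baseline, patch or remove Java" % (ip, ver, hits))
    return lines


if __name__ == "__main__":
    for line in format_report(find_outdated_java(SAMPLE_LOG)):
        print(line)
```

The point of keeping the lowest version per host, rather than the latest, is that a machine reporting several Java builds usually has more than one installed, and the oldest one is the one an exploit kit will target. Run against the constructed log the script reports 10.0.0.12 (1.6.0_07, two requests) and 10.0.0.33 (1.6.0_45); the host on 1.7.0_40 is at the baseline and is not flagged.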

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 September 2013 - 05:04 PM

Regardless of which version, using Java is an unnecessary security risk since it is not really needed for most users.
#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 21 September 2013 - 08:24 AM

Regardless of which version, using Java is an unnecessary security risk since it is not really needed for most users. 

I completely agree. With the right tools it is very easy to create a false Java update screen and allow access to peoples' systems. I have not had Java on any of my systems in well over a year with no noticeable changes at all.

#7 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 21 September 2013 - 09:29 AM

The infected machines were running Windows XP and Java 1.6. I can easily guess they had no antivirus protection and were not updated in a while. They can be infected by any sort of malware, not only Shylock.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 September 2013 - 03:05 PM

The infected machines were running Windows XP and Java 1.6. I can easily guess they had no antivirus protection and were not updated in a while. They can be infected by any sort of malware, not only Shylock.

Translation: The computer was a virus honeypot.
#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 21 September 2013 - 08:58 PM

Translation: The computer was a virus honeypot.

Absolutely. Very easy to set up.