Security firm Symantec has found that banking Trojan Shylock – malware which aims to infect computers – is currently targeting more than 60 financial institutions, the majority of which are in the UK.
In a blog, the firm pointed to some recent additions to the original Shylock malware, first released in 2011, which have made it better able to infect machines and steal information.
Further reading
Cyber security roundtable: The next steps for government Analysis: Recruiting an army of cyber guardians Britain clashes with EU over 'right to be forgotten' opt-out
The following modules have been developed and are being downloaded by the threat.
• Archiver (compresses recorded video files before uploading them to remote servers)
• BackSocks (enables the compromised computer to act as a proxy server)
• DiskSpread (enables Shylock to spread over attached, non-fixed drives)
• Ftpgrabber (enables the collection of saved passwords from a variety of applications)
• MsgSpread (enables Shylock to spread through Skype instant messages)
• VNC (provides the attacker with a remote desktop connection to the compromised computer)
The malware is primarily used by organised criminal groups, and uses technology which will be familiar to many enterprises.
"The Trojan employs a robust infrastructure that allows for redundancy and load-balancing during periods of high traffic, whereby servers will redirect compromised computers to another server depending on the number of incoming connections," wrote the Symantec security response team in the blog.
The way in which targets are chosen serves as a warning to firms with poor or lax security. Symantec found that news targets are chosen if they have high-value accounts, or operate easy-to-penetrate security. Conversely, firms which have beefed up their security in recent years are left alone, as the effort involved in penetrating their defences may not be worth the result.
Although the malware has evolved recently, Symantec added that it expects this evolution to continue.
"We expect to see new iterations of this threat in the wild and are continuing to monitor the threat landscape," it said.
