Shylock Malware Now Spreading via Skype

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

CSIS security researchers report that the Shylock banking malware has been updated with new functionality, including the ability to spread over Skype.

"An analysis by [CSIS] shows that the newest version of the malware includes a plugin named 'msg.gsm' that uses the chat function in Skype in order to spread to new machines," writes Threatpost's Dennis Fisher. "The malware relies on a network of infected Web sites to perform drive-by download attacks as the initial infection vector, and once it is resident on a new machine and finds the Skype application, it then sends malicious links to the victim's contacts through the chat function."

"The plug-in also bypasses the warning and confirmation request that Skype displays when a third-party program tries to connect and interact with the application," writes Computerworld's Lucian Constantin.

"Beside the new ability to spread through Skype, Shylock can also spread through local shares and removable drives," writes The Register's John Leyden. "Infection by the Trojan allows cybercrooks to steal cookies, inject HTTP into a website, setup setup VNC (allowing remote control of compromised desktops), and upload files, among other functions."