Symantec Uncovers New Version of Shylock Trojan


Symantec's Alan Neville reports that the security firm has come across a new version of the Shylock malware that injects JavaScript containing phone numbers into the contact pages of banking Web sites.

"The numbers being used by the attacker are easy to create online and are disposable," Neville writes. "When we attempted to call an injected fake telephone number, we were told the number had changed and we needed to call 08444101010 instead. We attempted to call this new number several times, but it rang without answer. "

"There are two plausible scenarios for launching this type of attack: the crooks want to harvest sensitive information via phone, or they want to prevent the victim from reporting potential fraudulent activities to the bank," writes Softpedia's Eduard Kovacs.

"The Shylock malware, named after a character from Shakespeare's The Merchant of Venice, was first discovered in September 2011 and its main purpose is to steal online banking credentials and other financial information," writes Computerworld's Lucian Constantin. "Like most financial Trojan programs, Shylock is capable of injecting rogue content into websites accessed from infected computers. The injected content is customized for every targeted website and is pulled from a configuration file. Shylock attackers are known for being creative with their scams."