Shylock Trojan found using Skype as distribution medium


CSIS, a security firm, has revealed in a blog post that it came across new functionality implemented in the Trojan through a new plug-in dubbed ‘msg.gsm’, which uses Skype as a medium for infection. The new plug-in is capable of sending messages and transferring files; deleting messages and transfers from Skype history; bypassing the Skype warning/restriction for connecting to Skype; and sending requests to a server.

If the Trojan successfully infects a system, it connects back to its command and control server, allowing the attacker to install a VNC server for remote connection; steal cookies; inject HTTP code; upload files to a server; and spread further through USB drives.

The security company believes that the Trojan is focused on the UK and that the operators of the C&C are not going for a mass infection across multiple countries. When CSIS reported it, no antivirus product was able to detect the Trojan as a malicious piece of code. As of now, the updated VirusTotal report shows 15 successful detections.

Ravi is the founder of Parity Media and currently acting as an editor of ParityNews.com. He is a technology enthusiast with keen interest in information security. Ravi has over 6 years of experience and is keen on raising general awareness about technology in society.