
Beware Skype users, Shylock malware now spreading through Skype

8 replies to this topic

#1 Secured Tim

Secured Tim

    Call me Tim

  • Member
  • 2,085 posts

Posted 18 January 2013 - 05:42 AM


 

A new version of the Shylock malware is now capable of spreading through Skype. The malware is spreading mainly in the U.K., Europe and the U.S. and is playing off the fact that Microsoft is about to kill its Messenger application in favor of Skype.
 
The Skype replication is implemented with a plugin called "msg.gsm". This plugin allows the code to spread through Skype and adds the following functionality:

- Sending messages and transferring files
- Cleaning messages and transfers from Skype history
- Bypassing Skype warning/restriction for connecting to Skype
 
None of the popular antivirus products is capable of detecting this malware to date. Check the report of msg.gsm on VirusTotal.

The malware is designed specifically to steal credentials for online banking sites, and also has the ability to perform code-injection attacks.

Besides utilizing Skype, it will also spread through local shares and removable drives. Basically, the C&C functions allow the attacker to:

- Execute files
- Get cookies
- Inject HTTP into a website
- Set up VNC
- Spread through removable drives
- Uninstall
- Update C&C server list
- Upload files

Shylock is one of the most advanced Trojan-bankers currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly.

[Image: the spread of the malware]
 
Source: CSIS



#2 Vegetto

Vegetto

    WinMatrixian

  • Member
  • 241 posts

Posted 18 January 2013 - 01:57 PM

The VirusTotal report is 1 day, 4 hours old and not even a single antivirus has marked it as a virus yet! :huh:



#3 OverKlockD

OverKlockD

    WinMatrixian

  • Member
  • 212 posts

Posted 18 January 2013 - 02:34 PM

Antivirus applications now have this in their definitions. Now I can stop worrying.



#4 Burned Phoenix

Burned Phoenix

    WinMatrix Addict

  • News Poster
  • 3,488 posts

Posted 18 January 2013 - 03:00 PM

Microsoft Security Essentials and Kaspersky still can't detect it.

Here is the latest report:
https://www.virustot...ec842/analysis/

 

Edit: Not even Malwarebytes!



#5 Villain

Villain

    An Old Geek

  • Global Moderator
  • 6,003 posts

Posted 18 January 2013 - 04:14 PM

Don't use Skype.

Problem fixed, because it is not an issue :D



#6 The Flashing Fish

The Flashing Fish

    om nom nom nom

  • Member
  • 684 posts

Posted 18 January 2013 - 09:45 PM

Don't use Skype.

Problem fixed, because it is not an issue :D

 

That's not a solution, that's avoiding the problem altogether.



#7 Villain

Villain

    An Old Geek

  • Global Moderator
  • 6,003 posts

Posted 19 January 2013 - 10:01 PM

That's not a solution, that's avoiding the problem altogether.

Just avoid Skype altogether then. Give it 10 days, and the AV apps will have the definitions updated. So yeah, avoid the zombies while the army gets to you to keep you safe.



#8 Elhuyar

Elhuyar

    Active WinMatrixian

  • Member
  • 364 posts

Posted 20 January 2013 - 11:08 AM

The VirusTotal analysis scared the shit out of me.



#9 Secured Tim

Secured Tim

    Call me Tim

  • Member
  • 2,085 posts

Posted 22 January 2013 - 01:29 PM

Update: Backdoor:Win32/Capchaw.N, also known as Shylock, has been blocked completely. Still, avoid clicking on links coming from untrusted sources.


