The communication infrastructure used by the cybercriminals behind the Shylock malware to control the infected machines has been disrupted in an international law enforcement operation that also involved several private security companies.

Shylock, also known as Caphaw, got its name because, when analyzing a sample, security engineers found fragments of Shakespeare's The Merchant of Venice scattered through the code. This also earned it the nickname "The Merchant of Malice" among some researchers.

The malware was first detected in 2011 and targeted major European banks, focusing on financial institutions in the United Kingdom. According to an older post from Symantec, customers of more than 60 such organizations have been affected.

The operation, which consists of seizing the command and control servers for the Trojan, is coordinated by the UK National Crime Agency (NCA) in cooperation with partners such as the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab, and the German Federal Police (BKA).

The agency says that taking charge of the command and control servers “has been conducted from the operational centre at the European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI, the Netherlands, Turkey and Italy gathered to coordinate action in their respective countries, in concert with counterparts in Germany, Poland and France.”

A statement from the NCA says that at least 30,000 computers around the world have been compromised by the malware, most of them being located in the United Kingdom.

The Shylock banking Trojan was delivered to the victim through drive-by downloads, triggered when the victim accessed a malicious link.

Once the infection completes, the malware steals financial information by interposing itself between the client and the server and injecting code into the websites of the targeted institutions when the victim accesses them.

All credentials entered this way are automatically sent to remote machines controlled by the cybercriminals.
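The two preceding paragraphs describe the man-in-the-browser technique: code injected into the bank's own pages adds prompts the bank never designed and ships whatever the victim types to the attacker's servers. The following is an added example, not code from the article or from any of the organizations it names, of a page-side integrity check a bank's web application could ship with its login page to flag two signs of such an inject: form fields the page never defined, and scripts loaded from origins the bank does not own. The field allowlist, the origin `https://bank.example`, and all sample inputs are constructed for illustration.

```javascript
// Added example, not code from the article or from any of the organizations it names.
// A page-side integrity check that a bank's own web application could ship with its
// login page to flag two signs of a man-in-the-browser web inject: form fields the
// page never defined, and scripts loaded from origins the bank does not own.
// Field specs, origins and sample inputs below are all constructed for illustration.

// Assumed (hypothetical) field allowlist for the bank's login form.
const EXPECTED_LOGIN_FIELDS = {
  username: { type: "text" },
  password: { type: "password" },
  csrf_token: { type: "hidden" },
};

// Compare the fields actually rendered against the allowlist.
// In a browser the descriptors would come from the live DOM, e.g.
//   Array.from(document.querySelectorAll("form input"))
//        .map(i => ({ name: i.name, type: i.type }))
// Returns a list of findings; an empty list means the form matches the spec.
function auditLoginForm(renderedFields, expected = EXPECTED_LOGIN_FIELDS) {
  const findings = [];
  const seen = new Set();
  for (const field of renderedFields) {
    seen.add(field.name);
    // hasOwnProperty guards against a field named e.g. "constructor"
    // matching a key inherited from Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(expected, field.name)) {
      findings.push({ kind: "unexpected_field", name: field.name, type: field.type });
    } else if (expected[field.name].type !== field.type) {
      findings.push({
        kind: "type_mismatch",
        name: field.name,
        expected: expected[field.name].type,
        actual: field.type,
      });
    }
  }
  for (const name of Object.keys(expected)) {
    if (!seen.has(name)) findings.push({ kind: "missing_field", name });
  }
  return findings;
}

// Resolve every <script src> against the page origin and flag any origin
// outside the allowlist. Relative URLs resolve to the page's own origin.
function auditScriptOrigins(scriptSrcs, pageOrigin, allowedOrigins) {
  const findings = [];
  for (const src of scriptSrcs) {
    let origin;
    try {
      origin = new URL(src, pageOrigin).origin;
    } catch (e) {
      findings.push({ kind: "unparseable_src", src });
      continue;
    }
    if (!allowedOrigins.includes(origin)) {
      findings.push({ kind: "foreign_script", src, origin });
    }
  }
  return findings;
}

// Constructed sample inputs (not real data): a clean render of the form, the
// same form with one extra field added by an inject, and a script list with
// one third-party source the bank does not own.
const CLEAN_FIELDS = [
  { name: "username", type: "text" },
  { name: "password", type: "password" },
  { name: "csrf_token", type: "hidden" },
];
const INJECTED_FIELDS = [...CLEAN_FIELDS, { name: "card_pin", type: "password" }];
const SAMPLE_SCRIPTS = [
  "https://bank.example/static/app.js",
  "/static/login.js",
  "https://unexpected.example/extra.js",
];
const BANK_ORIGIN = "https://bank.example";

// Run both checks and return the combined report so a caller (or the page's
// own beacon logic) can send it to the bank's server for review.
function buildIntegrityReport() {
  return {
    form: auditLoginForm(INJECTED_FIELDS),
    scripts: auditScriptOrigins(SAMPLE_SCRIPTS, BANK_ORIGIN, [BANK_ORIGIN]),
  };
}

console.log(JSON.stringify(buildIntegrityReport(), null, 2));
```

Two caveats on the design: malware that already sits inside the browser can suppress or falsify a check like this, so the report is one telemetry signal to be sent to the server and correlated with server-side indicators (session behaviour, transaction patterns), not a guarantee. Inline scripts have no `src` and are not covered by `auditScriptOrigins`; a natural extension is to hash inline script text and compare it against the values the server expects for that page.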

Numerous variants of the threat have been released to evade detection by antivirus products and to hinder analysis of the samples captured by researchers.

One technique used to empty a victim's bank account is to insert fake financial data into the page after login, completely masking the criminal activity from the user.

Removal routines for Shylock/Caphaw have been added to the Malicious Software Removal Tool, and installing the latest Windows updates ensures that the malicious software is removed automatically after the machine restarts.