Kaspersky Lab Contributes to Global Effort Targeting Shylock Malware
Woburn, MA – July 11, 2014 –
Kaspersky Lab has contributed to an alliance of law enforcement and
industry to take measures against the internet domains and servers that form
the core of an advanced cybercriminal infrastructure attacking online banking
systems around the globe using the Shylock Trojan.
On July 8 and 9, 2014, law enforcement agencies
took action to disrupt the system that Shylock depends on to operate effectively.
This included the seizure of servers that form the command and control system
for the Trojan, as well as taking control of the domains Shylock uses for
communication between infected computers.
The operation, coordinated by the UK’s National
Crime Agency (NCA), brought together partners from the law enforcement and
private sectors, including – besides Kaspersky Lab – Europol, the FBI, BAE
Systems Applied Intelligence, Dell SecureWorks and the UK’s GCHQ (Government
Communications Headquarters) to jointly combat the threat.
Investigative actions were undertaken from the
operational centre at the European Cybercrime Centre (EC3) at Europol in The
Hague. Investigators from the UK (NCA), USA (FBI), Italy, the Netherlands and
Turkey joined forces to coordinate the operation in their respective countries,
in concert with counterparts in Germany, France and Poland. Coordination
through Europol was instrumental in taking down the servers that form the core
of the botnets, malware and Shylock infrastructure. The CERT-EU (EU Computer
Emergency Response Team) participated in the takedown and distributed
information on the malicious domains to its peers.
During the concerted action several previously
unknown parts of the infrastructure were discovered, allowing follow-up actions
to be initiated immediately and coordinated from the operational centre in The
Shylock – so-called because its code contains
excerpts from Shakespeare’s The Merchant of Venice – has infected at least 30,000
computers running Microsoft Windows worldwide. Intelligence suggests that
Shylock targets the UK more than any other country; however, the US, Italy and
Turkey are also being targeted by the malicious code. It’s thought that the
suspected developers are based elsewhere.
Victims are typically infected by clicking on
malicious links, and are then persuaded to download and run the malware without
their knowledge. Shylock then seeks to access funds held in business or personal bank
accounts, and transfer them to the criminal controllers.
Quotes:
Sergey Golovanov, Principal Security Researcher Kaspersky Lab
“Banking fraud campaigns are no longer one-off cases. We’ve seen a
significant rise in these kinds of malicious operations. Just in 2013 the
number of cyberattacks involving malware designed to steal financial data
increased by 27.6% to reach 28.4 million. To fight cybercrime, we provide
threat intelligence to law enforcement agencies all over the world and
cooperate with international organizations such as Europol. Global action
brings positive results – an example being the operation targeting Shylock
Troels Oerting, Head of EC3 Europol
“The
European Cybercrime Centre (EC3) is very happy with this operation against
sophisticated malware, playing a crucial role in the work to take down the
criminal infrastructure. EC3 has provided a unique platform and operational
rooms equipped with state-of-the-art technical infrastructure and secure
communication means, as well as cyber-analysts and cyber-experts.
“In this way we’ve been
able to support frontline cyber investigators, coordinated by the UK’s
NCA, and working with a physical presence of the United States’
FBI and colleagues from Italy, Turkey and the Netherlands, with
virtual links to cyber-units in Germany, France and Poland.
It has been a pleasure for me to see international cooperation between police
officers and prosecutors from many countries, and we have again tested our
improved ability to rapidly react to cyberthreats in or outside the EU. It’s
another step in the right direction for law enforcement and prosecutors in the
EU and I thank all involved for their huge commitment and dedication. A specific thank you goes to Kaspersky Lab, which has contributed
significantly to the successful outcome of the operation – and our cooperation
continues to grow in this and future cases.”
Andy Archibald, Deputy Director NCA’s National Cyber Crime Unit, UK
“The
NCA is taking the lead in addressing a cybercrime threat to businesses and
individuals around the world. This phase of activity is intended to have a
significant effect on the Shylock infrastructure, and demonstrates how we are
using partnerships across sectors and across national boundaries to cut
Those opting for automated operating system updates – which can ensure
computers infected with malware such as Shylock are cleaned automatically
following a system restart – need take no action at this time. Those not opting
for automatic updates, or who would like to learn more about how to check their
Windows-based computers and remove infections, can go to http://support.microsoft.com/gp/cu_sc_virsec_master.
Advice on internet security can be found at Cyber Streetwise and Get
About Kaspersky Lab
Kaspersky Lab is the world’s largest
privately held vendor of endpoint protection solutions. The company is ranked
among the world’s top four vendors of security solutions for endpoint users*.
Throughout its more than 16-year history Kaspersky Lab has remained an
innovator in IT security and provides effective digital security solutions for
large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company
registered in the United Kingdom, currently operates in almost 200 countries
and territories across the globe, providing protection for over 300 million
users worldwide. Learn more at www.kaspersky.com.