July 10th 2014
An international operation involving law enforcement agencies and private sector companies is driving down the threat from a type of malicious software (malware) known as Shylock, used by criminals to steal from bank accounts.
Victims are typically infected by clicking on malicious links, then being convinced to download and run the malware. Shylock will then seek to access funds held in business or personal accounts, and transfer them to the criminal controllers.
As part of the law enforcement activity, action is being taken to disrupt the system which Shylock depends on to operate effectively. This comprises the seizure of servers which form the command and control system for the Trojan, as well as taking control of the domains used for communication between infected computers.
Shylock – so called because its code contains excerpts from Shakespeare’s Merchant of Venice – is known to have infected tens of thousands of computers running Microsoft Windows worldwide. Intelligence suggests that Shylock targets the UK more than any other country, despite the suspected developers being based elsewhere.
Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “The NCA is taking the lead in addressing a cybercrime threat to businesses and individuals around the world. This phase of activity is having a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cybercrime impacting the UK.”
Mr Archibald continued: “We continue to urge everybody to ensure their operating systems and security software are up to date.”
Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, said: “The European Cybercrime Centre (EC3) is very happy about this operation against sophisticated malware, playing a crucial role in the take-down of the criminal infrastructure. EC3 has provided a unique platform and operational rooms equipped with state-of-the-art technical infrastructure and secure communication means, as well as cyber analysts and cyber experts”.
Mr Oerting continued: “In this way we have been able to support frontline cyber investigators, coordinated by the UK’s NCA, and working with the physical presence of the United States’ FBI and colleagues from Italy, Turkey and the Netherlands, with virtual links to cyber units in Germany, France and Poland."
Do you need to do anything?
The latest of Microsoft’s regular operating system updates will result in the removal of Shylock infections in machines which have been set to automatically update Windows.
Computer users opting for automated operating system updates – which can ensure computers infected with malware such as Shylock are cleaned automatically once the machine is restarted – need take no action at this time.
Those not opting for automatic updates, or who would like to learn more about how to check their Windows-operated computers and remove infection, can go to:
Anyone in the UK who believes they have lost money through malware attacks should report it to Action Fraud via its online reporting tool, or by calling 0300 123 2040.