Malware temporarily named Shylock

September 8, 2011

4 Min Read


BOSTON, Sep. 7, 2011 -Trusteer, the leading provider of cybercrime prevention solutions, today announced new versions of the four products which make up its Cybercrime Prevention Architecture. The new capabilities remove malicious exploits in web page content, fingerprint fraudster machines attempting to access protected web applications, protect iOS and Android mobile devices from financial malware, and provide real-time data feeds on new malware attacks. Trusteer's Intelligence Center also warned today that a second non-financial malware variant has been retrofitted with fraud capabilities and is abusing its large installed base of infected machines to attack global financial institutions.

Trusteer is still investigating this new financial malware, which it has temporarily named Shylock. Unlike the non-financial malware Ramnit which Trusteer reported last month had turned into a fraud platform, Shylock doesn't incorporate tactics from the infamous Zeus Trojan. It appears criminals have custom developed financial fraud capabilities for Shylock.

Shylock uses unique mechanisms not found in other financial malware toolkits, including:

- An improved method for injecting code into additional browser processes to take control of the victim's computer

- A better evasion technique to prevent malware scanners from detecting its presence

- A sophisticated watchdog service that allows it to resist removal attempts and restore operations

"As with all financial fraud toolkits, Shylock's detection rate among anti-malware solutions and fraud detection systems is extremely low," said Amit Klein Trusteer's CTO. "The ability of cyber criminals to develop, distribute, and operate new tools under the radar of the industry is troubling. Enterprises and individuals continue to rely on security architectures that were designed 20 years ago and have limited value in protecting their critical assets against cybercrime attacks."

New Trusteer Cybercrime Prevention Architecture

Faced with the continually advancing sophistication of cybercrime attack methods, financial institutions and enterprises require endpoint protection against zero-day malware and phishing attacks, as well as real-time actionable intelligence they can automatically feed into layered fraud prevention and security systems. Trusteer's Cybercrime Prevention Architecture (TCPA) and Trusteer's Intelligence Center combine to deliver 24x7 detection and blocking of new attacks, which has included the discovery of the Shylock, Ramnit, SunSpot, and Oddjob financial malware platforms.

Trusteer today announced the following new versions the core products that make up the TCPA:

Trusteer Rapport - The leading cybercrime prevention software for PCs and Macs has been enhanced with exploit prevention capabilities which monitors webpages loaded into the browser and removes malicious content that tries to exploit vulnerabilities in the browser or its add-ons. Trusteer has also added a new rapid response cycle into Rapport which updates its entire customer base within ten minutes when a new threat is detected. Trusteer Rapport already prevents malware toolkits from installing on the computer and accessing information inside the browser. It also detects malware activity and removes the files associated with it.

Trusteer Pinpoint - This client-less login and transaction anomaly detection solution can now detect and alert customers when fraudster machines attempt to access protected web applications. Using a network of sensors deployed at multiple large financial websites, Trusteer Pinpoint is capable of fingerprinting and building a database of machines that are owned by fraudsters. This capability supplements Pinpoint's existing ability to detect when users attempt to access web applications with a machine that is infected with malware.

Trusteer Mobile - In addition to iOS, now supports Android and the upcoming iOS 5 platform. Trusteer is currently the only vendor to provide a solution that protects both iOS and Android devices against cybercrime committed using malware and phishing attacks.

Trusteer Situation Room - Trusteer's Online Fraud Intelligence and Risk Analysis Service has been enhanced with a new interface that allows financial institutions and large enterprise to access real-time data and generate alerts on cybercriminal activity and new attack methods that target specific organizations.

"Trusteer's leadership position in the cybercrime prevention market allows us to be exposed first to global fraud patterns and exploits. This intelligence, combined with our continuous innovation, is what keeps us ahead of cybercriminals," said Mickey Boodaei Trusteer's CEO. "Cybercrime methods have reached a level of sophistication which now requires organizations be able to rapidly assess the threat level of each new attack and quickly respond with appropriate counter measures. Trusteer's Cybercrime Prevention Architecture provides the protection, detection and intelligence infrastructure that allows customers to respond with speed to attacks using programmable behaviors, not blacklist approaches."


Trusteer's Cybercrime Prevention Architecture with the new versions of Trusteer Rapport, Trusteer Pinpoint, Trusteer Mobile and Trusteer Situation Room is available now.

About Trusteer

Trusteer is the leading provider of cybercrime prevention solutions that protect organizations against financial fraud and data breaches. Hundreds of organizations and millions of end users rely on Trusteer to protect their computers and mobile devices from online threats that are invisible to legacy security solutions. Trusteer's Cybercrime Prevention Architecture combines multi-layer security software and real-time threat intelligence to defeat zero-day malware and phishing attacks, and help organizations meet regulatory compliance requirements. Leading organizations such as HSBC, Santander, The Royal Bank of Scotland, SunTrust and Fifth Third are among Trusteer's clients. For more information visit:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights