February 21st, 2012, 16:03 GMT · By Eduard Kovacs

Shakespearian Malware Avoids Antivirus Detection


Trusteer products are designed to handle this type of malware
Trusteer researchers found that the piece of malware known as Shylock, so named because each new variant contains random quotes from Shakespeare's "The Merchant of Venice", has infected a large number of devices in the past several weeks. After further investigation they determined the clever mechanisms that allow the malicious element to remain undetected by security software.

According to experts, Shylock, known for targeting financial information on victims' computers, uses a three-step technique to ensure that it can almost completely avoid detection.

First of all, it injects itself into every process running in memory. Each time a new application is launched, the malware makes its way into the process before the program actually starts running.

This technique not only allows it to remain undetected, but also makes it difficult to remove with conventional antivirus software, because it is embedded in a large number of processes.

Another clever way of hiding from security applications is to continuously monitor directory browsing and the enumeration of registry keys. Since these two activities can indicate that an antivirus scan is in progress, each time they are detected Shylock removes itself from the registry.

In theory, if it removes itself from the registry, it won't be able to make its way back into memory the next time the computer starts, which means the infection is eliminated. However, Shylock's creators came up with a way of making sure this doesn't happen.

The malware attaches itself to the shutdown process and reinstates all of its files and registry keys before allowing the computer to turn off. Researchers noticed that if the device is unplugged from the wall socket so that the operating system doesn't complete the shutdown sequence, the infection is eliminated.
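The delete-on-scan / restore-on-shutdown behaviour described above leaves a distinctive trace in host telemetry: an autorun registry value that is removed mid-session and written again seconds after shutdown is initiated. The correlation below is an added example, not code from the article or from Trusteer; it assumes a simplified pipe-separated log layout and constructed sample events, using Windows event ID 1074 (shutdown initiated) and Sysmon events 12/13 (registry object delete / value set) as the sources.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Layout: timestamp|event_id|key|value.
# Event IDs 1074 (User32 shutdown initiated) and Sysmon 12/13 are real; the flat
# line format is an assumption made for this example.
SAMPLE_LOG = r"""
2012-02-21T16:00:01|13|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\bob\AppData\Roaming\updater.exe
2012-02-21T16:03:10|12|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater|DeleteValue
2012-02-21T17:45:00|1074|-|shutdown initiated by C:\Windows\explorer.exe
2012-02-21T17:45:02|13|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\bob\AppData\Roaming\updater.exe
2012-02-21T17:45:03|13|HKLM\Software\Classes\Applications\notepad.exe\shell|open
"""

# Autorun locations whose re-creation at shutdown is suspicious.
AUTORUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
SHUTDOWN_EVENT, VALUE_DELETE_EVENT, VALUE_SET_EVENT = "1074", "12", "13"


def parse(log_text):
    """Yield (timestamp, event_id, key, value) tuples from the simplified log."""
    for line in log_text.strip().splitlines():
        ts, event_id, key, value = line.split("|", 3)
        yield datetime.fromisoformat(ts), event_id, key, value


def find_shutdown_persistence(log_text, window_seconds=30):
    """Flag autorun values written within `window_seconds` after shutdown begins.

    A value that was deleted earlier in the same session and then re-created at
    shutdown matches the evasion pattern exactly, so it is rated high confidence;
    a fresh autorun write at shutdown with no prior delete is rated medium.
    """
    window = timedelta(seconds=window_seconds)
    shutdown_at, deleted_keys, alerts = None, set(), []
    for ts, event_id, key, value in parse(log_text):
        if event_id == SHUTDOWN_EVENT:
            shutdown_at = ts
        elif event_id == VALUE_DELETE_EVENT and AUTORUN_RE.search(key):
            deleted_keys.add(key.lower())
        elif event_id == VALUE_SET_EVENT and AUTORUN_RE.search(key):
            if shutdown_at is not None and timedelta(0) <= ts - shutdown_at <= window:
                confidence = "high" if key.lower() in deleted_keys else "medium"
                alerts.append({"time": ts.isoformat(), "key": key,
                               "value": value, "confidence": confidence})
    return alerts


if __name__ == "__main__":
    for alert in find_shutdown_persistence(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this reports a single high-confidence alert for the `Run\Updater` value; the unrelated registry write at shutdown and the pre-shutdown write are ignored.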

Trusteer Rapport users are not vulnerable to these types of attacks thanks to the advanced detection engines and multiple layers of defense.