Shylock (Zeus family)
Shylock is banking malware designed to retrieve users’ banking credentials for fraudulent purposes.
As soon as it is installed, Shylock communicates with the remote Command and Control servers controlled by the cybercriminals, sending and receiving data to and from the infected PCs.
Similar to Zeus Gameover, this malware makes use of a domain generation algorithm (DGA), which generates a number of domain names that can be used to pass commands between the malicious servers and the infected systems.
The Trojan is delivered mostly through drive-by downloads on compromised websites and via malvertising, where malicious code is inserted in adverts that are then placed on legitimate websites.
Another popular method of spreading this financial malware is by inserting malicious JavaScript into a web page. This technique produces a pop-up which pushes the user to download a plugin, apparently necessary for the media display on the website.