[FSec] Shylock Likes Smart Cards

Do you ever use your laptop's Smart Card reader? You don't? Yeah, we didn't think so.

(Half of you reading this probably didn't even realize it had one to begin with.)

Windows users: open your Control Panel, go to Administrative Tools, Services — and stop the Smart Card service. Adjust the startup type to prevent it from starting up with the system.
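
The same change from an elevated PowerShell prompt, with a check that it took effect. This is an added example, not part of the original post; it assumes the service's short name SCardSvr and uses "Disabled" as the startup type, which the post does not specify.

```powershell
# Added example: stop and disable the Smart Card service, then verify the result.
# Assumptions: run elevated; SCardSvr is the Smart Card service's short name;
# "Disabled" is the startup type chosen here (the post only says to keep it from
# starting with the system).
$name = 'SCardSvr'

$svc = Get-Service -Name $name -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "$name is not installed on this system; nothing to change."
    return
}

# Running services that depend on SCardSvr are stopped along with it by -Force,
# so name them first instead of stopping them silently.
$running = $svc.DependentServices | Where-Object { $_.Status -eq 'Running' }
if ($running) {
    Write-Warning ("Also stopping dependent services: " + ($running.Name -join ', '))
}

if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $name -Force -ErrorAction Stop
}
Set-Service -Name $name -StartupType Disabled -ErrorAction Stop

# Read the configuration back from the service control manager instead of
# trusting that the calls above succeeded.
$cfg = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
[pscustomobject]@{
    Name      = $cfg.Name
    State     = $cfg.State
    StartMode = $cfg.StartMode
}

if ($cfg.State -ne 'Stopped' -or $cfg.StartMode -ne 'Disabled') {
    Write-Error "$name is still $($cfg.State) / $($cfg.StartMode)"
}
```

Skip this on machines that log on with smart cards, since disabling the service stops smart-card logon from working.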

[Image: SmartCardProperties.png]

All done? Good.

Now you're not wasting resources on an unused service, and as a bonus, malware called Shylock will no longer infect your system.

Why's that?

Because upon execution, Shylock checks for the Smart Card service and if it isn't present, it quits.

[Image "Shylock 1": Shylock_SmartCardCheck.PNG]

And that's not all. Marko from our Threat Research team found that it also checks for memory and hard drive space.

Here's the memory check:

[Image "Shylock 2": Shylock_MemoryCheck1.PNG]

At least 256MB is required:

[Image "Shylock 3": Shylock_MemoryCheck2.PNG]

And the hard drive related checks:

[Image "Shylock 4": Shylock_Drives1.PNG]

[Image "Shylock 5": Shylock_Drives2.PNG]

And as you can see from the "Shylock 3" image, the combined drive space must be at least 12GB.

Now you might be asking yourself, why is Shylock so particular?

The most likely answer is that it's an attempt to avoid being debugged by antivirus vendors, who typically use virtual environments for research. Such virtual environments don't always include things such as virtual Smart Card readers. But then again… sometimes they do.

Better luck next time, Shylock.

SHA1: 386ccfc028ac4986def3954cfce8af541330fa36
On 04/12/12 At 03:27 PM
