Authorities and private firms collaborate to combat Shylock malware

Law enforcement agencies and web security firms work together to combat notorious malware

Law enforcement agencies and internet security firms have joined together in an international operation to combat the Shylock Trojan malware.

In what has been dubbed the first project of its kind in the UK, the National Crime Agency (NCA) worked alongside the FBI, Europol, GCHQ and the German Federal Police, along with private firms including BAE Systems Applied Intelligence, Dell SecureWorks and Kaspersky Lab to take down the notorious malware used by cyber criminals to steal money.

Paul Gillen, head of operations for Europol's European Cybercrime Centre, recently told Computing that this sort of international public-private collaboration was the "one true way" to stop cyber criminals.

Shylock worked by infecting victims after tricking them into clicking a malicious link, which downloads malware onto their computer. Shylock then accesses funds kept in personal and business bank accounts and transfers them to cyber criminals.

The malware – named Shylock because its code contains extracts from William Shakespeare's The Merchant of Venice, in which Shylock is the name of the principal money-lending antagonist – had infected at least 30,000 computers running Microsoft Windows, with most victims thought to be in the UK.

However, the criminals' activities have now been disrupted following the seizure of servers containing the command and control system for Skylock, in addition to the authorities taking control of the domains the malware uses to communicate between infected systems.

The operation has been conducted from the European Cybercrime Centre (EC3) at Europol in The Hague and involved investigators from across the globe.

"The NCA is co-ordinating an international response to a cyber crime threat to businesses and individuals around the world," said Andy Archibald, deputy director of the NCA's National Cyber Crime Unit.

"This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime affecting the UK," he continued.

"We continue to urge everybody to ensure their operating systems and security software are up to date."

Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, stated he was "very happy" with the outcome of the operation against the "sophisticated malware."

"EC3 has provided a unique platform and operational rooms equipped with state-of-the-art technical infrastructure and secure communication means, as well as cyber analysts and cyber experts," he said.

"In this way we have been able to support frontline cyber investigators, co-ordinated by the UK's NCA, and working with the physical presence of the United States' FBI and colleagues from Italy, Turkey and the Netherlands, with virtual links to cyber units in Germany, France and Poland," he added.

Jason Milletary, technical director for malware analysis on the Dell SecureWorks' counter threat unit (CTU) research team, also commented on the operation.

"I believe we're seeing security companies working more to disrupt criminal operations and working with Law Enforcement for adversary attribution as a means of protecting their clients and helping to protect the Internet at large," he said.