The Latest in IT Security

Shylock Likes Smart Cards


Do you ever use your laptop’s Smart Card reader? You don’t? Yeah, we didn’t think so.

(Half of you reading this probably didn’t even realize it had one to begin with.)

Windows users: open your Control Panel, go to Administrative Tools, Services — and stop the Smart Card service. Adjust the startup type to prevent it from starting up with the system.

[Image: Smart Card Properties]

All done? Good.

Now you’re not wasting resources on an unused service and as a bonus — a malware called Shylock will no longer infect your system.

Why’s that?

Because upon execution, Shylock checks for the Smart Card service and if it isn’t present, it quits.

[Image "Shylock 1": Shylock Smart Card check]

And that’s not all. Marko from our Threat Research team found that it also checks for memory and hard drive space.

Here’s the memory check:

[Image "Shylock 2": Shylock memory check]

At least 256MB is required:

[Image "Shylock 3": Shylock memory check]

And the hard drive related checks:

[Image "Shylock 4": Shylock logical drives check]

[Image "Shylock 5": Shylock drives check]

And as you can see from the “Shylock 3” image, the combined drive space must be equal to at least 12GB.

Now you might be asking yourself, why is Shylock so particular?

The most likely answer is it’s an attempt to avoid being debugged by antivirus vendors, which typically use virtual environments for research. And such virtual environments don’t always include things such as virtual Smart Card readers. But then again… sometimes they do.
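For anyone maintaining an analysis VM, the three checks described above can be turned into a quick audit of the guest, so that a sample with this kind of environment test does not quit before it can be observed. This is an added example, not code from the original post or from Shylock. The 256MB and 12GB thresholds come from the post; the service name SCardSvr, the reading of "present" as installed and running, and the reading of "combined drive space" as the total size of fixed drives are assumptions.

```powershell
# Added example: audit an analysis guest against the environment checks
# described in the post (Smart Card service, memory, combined drive space).
# Assumptions: SCardSvr is the service behind the "Smart Card" display name;
# drive space is measured as total size of fixed drives, not free space.

$MinMemoryBytes = 256MB   # threshold stated in the post
$MinDriveBytes  = 12GB    # threshold stated in the post

function Test-SandboxProfile {
    # Smart Card service: returns nothing if the service is not installed
    $svc = Get-Service -Name 'SCardSvr' -ErrorAction SilentlyContinue

    # Physical memory visible to the guest, in bytes
    $mem = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory

    # Fixed logical drives only (DriveType 3 = local disk)
    $drives = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3')
    $driveTotal = ($drives | Measure-Object -Property Size -Sum).Sum
    if ($null -eq $driveTotal) { $driveTotal = 0 }

    [pscustomobject]@{
        SmartCardInstalled = [bool]$svc
        SmartCardRunning   = [bool]($svc -and $svc.Status -eq 'Running')
        SmartCardStartType = if ($svc) { "$($svc.StartType)" } else { 'n/a' }
        MemoryMB           = [math]::Round($mem / 1MB)
        MemoryOk           = ($mem -ge $MinMemoryBytes)
        FixedDriveCount    = $drives.Count
        DriveTotalGB       = [math]::Round($driveTotal / 1GB, 1)
        DriveOk            = ($driveTotal -ge $MinDriveBytes)
    }
}

$result = Test-SandboxProfile
$result | Format-List

# List every check this guest would fail, so the VM template can be corrected
$failed = @()
if (-not $result.SmartCardInstalled) { $failed += 'Smart Card service not installed' }
elseif (-not $result.SmartCardRunning) { $failed += 'Smart Card service not running' }
if (-not $result.MemoryOk) { $failed += 'less than 256MB of memory' }
if (-not $result.DriveOk)  { $failed += 'less than 12GB of combined fixed-drive space' }

if ($failed.Count -eq 0) {
    'Guest passes all three checks described in the post.'
} else {
    'Guest fails: ' + ($failed -join '; ')
}
```

On a user workstation where the service has been stopped and disabled as described earlier, the same report shows `SmartCardRunning` as False and `SmartCardStartType` as Disabled.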

Better luck next time, Shylock.

SHA1: 386ccfc028ac4986def3954cfce8af541330fa36
