Banking Malware: Sophistication Rises In Longtime Botnet Families


4. Shylock

Shylock has never been advertised for sale on hacking forums, but it has gained attention for its ability to spread quickly once a single machine is infected. Shylock accounts for about 7 percent of the banking malware observed by Dell SecureWorks. The malware seeks out network shares to infect additional systems. In addition to using email messages and drive-by attacks, the Trojan has been spreading through Skype instant messages. Researchers say the toolkit uses a plug-in architecture, enabling users to add components depending on their attack, ranging from support for VNC connections for remote access to compromised devices to the ability to spread through removable drives. The Shylock botnets are controlled by 53 command and control servers, according to Dell SecureWorks.