SECURITY EXPERT WARNS ON 'CLAMPI'
31 July 2009
Eastern European fraudsters suspected of
plundering private information

U.S. cyber security expert Joe Stewart, a director of
malware research for the Counter Threat Unit of
SecureWorks, warned this week that hundreds of thousands
of Windows computers are believed to be infected with a
Trojan called "Clampi" that has been stealing banking
and other log-in credentials from compromised PCs since
2007.

CNet News reports that the warning comes on
the eve of a major security conference in Las Vegas.

Clampi, also known as Ligats, Ilomo, or Rscan,
infects computers in drive-by downloads when people
visit Web sites hosting malicious code that exploits
vulnerabilities in browser plug-ins Flash and ActiveX,
said Stewart. When the infected computer is used to
access a targeted banking or other site, the log-in and
other information is stolen.

Clampi has spread quickly through Microsoft-based
networks in a worm-like fashion in recent months,
Stewart told CNet News. It uses domain administrator
credentials that were either stolen by the Trojan or
obtained when an administrator logged into an infected
system. It then uses the Windows SysInternals tool
"psexec" to copy itself to all the computers on the
domain, he said.

Clampi also serves as a proxy server for criminals to
cloak their activity when logging into stolen accounts.

Stewart has identified 1 400 Web sites in 70
different countries out of 4 500 sites being targeted by
the Trojan attack. The sites include banks, credit card
companies, online casinos, retail sites, utilities, ad
networks, stock brokerages, mortgage lenders, and
government and military portals.

Based on the techniques they are using, Stewart said
criminals in Eastern Europe are believed to be behind
Clampi.

Because it can take days or weeks to get a sample of
the latest version of the Trojan, antivirus protection
is often delayed, arriving after a PC is already
infected, according to Stewart.

"This type of Trojan, banking Trojans in general, are the biggest
threat to home computer users and businesses doing
banking online," he said. "You can't rely on antivirus.
At some point you are going to visit the wrong site and
they'll get a Trojan on your computer."

Stewart said the Trojan uses three types of encryption and
sophisticated virtual machine-based packing technology
to disguise itself in order to get through antivirus
filters. He recommended that consumer and business Web
surfers use a dedicated computer for their banking and
other sensitive financial online activities that is
separate from the computer where e-mail is accessed and
Web surfing is done.

Losses from Clampi are starting to be publicised, CNet
News reports. The Trojan was behind the theft of nearly
$75 000 from Slack Auto Parts in Gainesville, Georgia,
according to the Security Fix blog at The Washington
Post.
Online Casino News Courtesy of
Infopowa