Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 7 MINUTES AGO.
You are here: Home / Computing / Clampi Worm Threatens Finances
Clampi Worm Puts Online Financial Transactions at Risk
Clampi Worm Puts Online Financial Transactions at Risk
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
31
2009
With security researchers focused on the Black Hat security conference, a Trojan called Clampi is still making its way across the Web looking for victims.

Also known as Ligats, Ilomo or Rscan, Clampi is a Trojan that aims to steal credentials from infected systems. According to SecureWorks, hundreds of thousands of Windows computers may already be infected and many more are at risk. In one recent example, an auto-parts store lost about $75,000 to a group of attackers leveraging the power of Clamp in early July.

Although Clampi is not a new threat -- it has been harassing Windows users since 2007 -- security researchers report it is gaining momentum.

Joe Stewart, SecureWorks director of malware research for the counter threat unit, launched an in-depth investigation into the Trojan and its use of the psexec tools to spread earlier this year. What he discovered is troubling.

"In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion," Stewart said.

How Clampi Attacks

Stewart has identified 1,400 of the 4,500 Web sites in 70 different countries Clampi attackers are targeting. The Clampi Trojan, he reported, requests information specifically from these sites via infected computers. A sophisticated organized-crime group from Eastern Europe is running Clampi and has been implicated in numerous high-dollar thefts from banking institutions.

"Clampi's recent success in infecting victims is accomplished by using domain-administrator credentials -- either stolen by the Trojan or reused, or by virtue of the fact that a domain administrator has logged into an already infected system. Once domain-administrator privileges are granted, the Trojan uses the SysInternals tool psexec to copy itself to all computers on the domain," Stewart said. "Clampi also serves as a proxy server used by criminals to anonymize their activity when logging into stolen accounts."

Although most major antivirus engines should detect Clampi and its variants, Stewart said there is always a delay between a new Trojan release and the detection time. He recommends businesses that use online banking and financial transactions adopt a strategy to isolate workstations where these activities are carried out.

Sophisticated Risks

Today's malware codes are incredibly sophisticated -- and may even have their own internal encryption capabilities to hinder analysis or hijacking of their botnets or codes, according to Ken Dunham, director of global response at iSight Partners.

"Even if you wipe Windows and reinstall it, many of these Trojans can still load up and take control of your system. We're moving toward disk-level- or hardware-level-based compromise," Dunham said. "The sophistication is something that needs to be recognized. We're dealing with highly organized, talented people that are criminals."

Best practices are a must, but it can be difficult to protect against Web-based attacks and specifically third-party browser attacks that leverage Flash and PDF. Dunham said he sees new reports of attacks that involve PDF or Flash exploits or something similar cross his desk every day.

"It's one thing to say you've got your Windows updated and your antivirus in place. It's another thing to say you've got your browser updated," Dunham said. "But do you have your browser plug-ins updated? It's complicated."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN COMPUTING

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.