Clampi Trojan Renews Assault on Bank Accounts

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

The Clampi Trojan appears to be on the rebound and ready to stealthily steal banking and financial account credentials by monitoring connections on infected PCs. The Trojan shows that cyber-criminals are getting more innovative and resilient in how they target high-value information and circumvent security controls.

Sporadic reports are surfacing that the authentication credential stealing Trojan Clampi is regaining momentum and poised to begin a new round of stealthily siphoning cash from the bank accounts belonging to compromised users.

Clampi—also known as Ligats, Ilomo and Rscan—was first discovered in January 2008. The Trojan targets machines running nearly all versions of Windows and spreads as a drive-by download through Websites with compromised vulnerabilities in Flash and ActiveX. It sits in the background monitoring Web browsing activity, specifically log-ins to accounts with financial activity. Without impeding connections or PC performance, Clampi stealthily captures users' account IDs and authentication credentials and passes them to its master.

In recent months, Clampi has started spreading like a worm across networks with infected PCs. In a CNET report, SecureWorks' Joe Stewart explained that Clampi uses capture domain registration credentials to leverage the Windows SysInternals tool "psexec" to copy itself across all connected computers within a domain.

What makes Clampi different, according to published reports, is that it's monitoring a vast number of financially sensitive accounts. Banks and financial institutions are its prime target, but it's also monitoring retail sites, utilities, ad networks, government agencies, online casinos and military portals.

The threat is not contained to individual home users. The Washington Post previously reported Clampi is responsible for several large, unauthorized bank transfers. A Kentucky county lost more than $415,000 to cyber-criminals after a treasurer's PC was compromised. A Pennsylvania school district was hit to the tune of $700,000 and an auto parts store in Georgia lost $75,000, the newspaper reported.

>> Click here to read the full report on the "Secure Channel" blog

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...