Clampi Trojan Renews Assault on Bank AccountsBy Lawrence Walsh | Print
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
The Clampi Trojan appears to be on the rebound and ready to stealthily steal banking and financial account credentials by monitoring connections on infected PCs. The Trojan shows that cyber-criminals are getting more innovative and resilient in how they target high-value information and circumvent security controls.
Sporadic reports are surfacing that the authentication credential stealing Trojan Clampi is regaining momentum and poised to begin a new round of stealthily siphoning cash from the bank accounts belonging to compromised users.
Clampi—also known as Ligats, Ilomo and Rscan—was first discovered in January 2008. The Trojan targets machines running nearly all versions of Windows and spreads as a drive-by download through Websites with compromised vulnerabilities in Flash and ActiveX. It sits in the background monitoring Web browsing activity, specifically log-ins to accounts with financial activity. Without impeding connections or PC performance, Clampi stealthily captures users' account IDs and authentication credentials and passes them to its master.
In recent months, Clampi has started spreading like a worm across networks with infected PCs. In a CNET report, SecureWorks' Joe Stewart explained that Clampi uses capture domain registration credentials to leverage the Windows SysInternals tool "psexec" to copy itself across all connected computers within a domain.
What makes Clampi different, according to published reports, is that it's monitoring a vast number of financially sensitive accounts. Banks and financial institutions are its prime target, but it's also monitoring retail sites, utilities, ad networks, government agencies, online casinos and military portals.
The threat is not contained to individual home users. The Washington Post previously reported Clampi is responsible for several large, unauthorized bank transfers. A Kentucky county lost more than $415,000 to cyber-criminals after a treasurer's PC was compromised. A Pennsylvania school district was hit to the tune of $700,000 and an auto parts store in Georgia lost $75,000, the newspaper reported.