Clampi Trojan Revealed as Financial-Plundering Botnet Monster
Ellen Messmer writes on NetworkWorld:
A close look at the Clampi Trojan, an elusive piece of malware that uses encryption to help hide its nefarious data-stealing deeds, reveals it to be a botnet-controlled monster that can swipe a victim's sensitive data associated with more than 4,500 different sites, according to one researcher.
"We've been able to get through the layers of encryption in Clampi," says Joe Stewart, director of malware research at SecureWorks. "Clampi is collecting data associated with about 4,600 sites, such as banks and other financial institutions targeted by criminal networks."
But it doesn't stop there.
Clampi "is going after utilities, market research firms, online casinos and career sites," Stewart says, in a broad sweep to grab personally identifiable information, such as credentials and account information, that might be of use to criminals for financial gain. Clampi, also known as Ligats, Ilomo or Rscan, is using psexec tools to spread across Microsoft-based networks in a worm-like fashion.