Clamping Down on The 'Clampi' Trojan
Brian Krebs writes on Security Fix:
Finding the notorious Clampi banking Trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall: Chances are, the unwelcome little intruder is part of a much larger infestation.
At least, that's the story told by two businesses which recently discovered Clampi infections, compromises that handed organized cyber gangs the access they needed to steal tens of thousands of dollars.
In early August, attackers used Clampi to swipe the online banking credentials assigned to the Sand Springs Oklahoma School District. The thieves then submitted a series of bogus payroll payments, totaling more than $150,000, to accomplices they had hired throughout the United States.
Sand Springs Superintendent Lloyd Snow said the district has since been able to get about half of those transfers reversed, while the district's bank graciously covered the rest of the loss.
Initially, Snow said, suspicion fell on one school computer on which the Clampi Trojan was indeed found. But a forensic investigation later revealed that a large number of other systems on the board's network also were sickened with Clampi.
"It was all over the whole office complex," Snow said. "Unfortunately, like most schools, we need about three times the number of people in our IT department than we have now."