Posted on 07/31/2009 9:36:51 AM PDT by the invisib1e hand
A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks.
Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet" says Joe Stewart, director of malware research at SecureWorks' counter threat unit.
Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites is visited. If a victim uses one of these sites - which include those of banks, credit card companies, stock brokerages and insurance firms - it captures sensitive information such as usernames, passwords and PINs.
Stewart claims to have so far identified 1400 affected sites in 70 different countries.
Stewart says Clampi is operated by a "serious and sophisticated" organised crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions.
Its recent success in infecting victims has been achieved by using domain administrator credentials - either stolen by the Trojan or re-used, or by virtue of the fact that a domain administrator has logged into an already infected system.
Once domain administrator privileges are granted, the Trojan uses the SysInternals tool "psexec" to copy itself to all computers on the domain. In addition, it serves as a proxy server used by criminals to cloak their activity when logging into stolen accounts.
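An added example, not part of the original article or thread: a defender-side check for the PsExec spread described above. PsExec installs a service named PSEXESVC on each remote host, so one account installing it on several hosts within minutes stands out in service-install events (Event ID 7045). The log rows, host names, accounts and column layout are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified export of Service Control Manager
# "service installed" events (Event ID 7045). Assumed column layout:
# time, host, event_id, service_name, installing_account
SAMPLE_EVENTS = """\
2009-07-30T02:14:05,WS-ACCT-01,7045,PSEXESVC,CORP\\da-jsmith
2009-07-30T02:14:09,WS-ACCT-02,7045,PSEXESVC,CORP\\da-jsmith
2009-07-30T02:14:12,WS-HR-07,7045,PSEXESVC,CORP\\da-jsmith
2009-07-30T02:14:20,SRV-FILE-01,7045,PSEXESVC,CORP\\da-jsmith
2009-07-30T09:30:00,WS-IT-03,7045,PSEXESVC,CORP\\helpdesk1
2009-07-30T10:02:41,WS-IT-03,7045,PrintSpoolerHelper,CORP\\helpdesk1
2009-07-30T14:45:10,WS-IT-04,7045,PSEXESVC,CORP\\helpdesk1
"""

def parse_events(text):
    """Yield (time, host, account) for each PSEXESVC service install."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # skip blank or malformed rows
        ts, host, event_id, service, account = parts
        if event_id == "7045" and service.upper() == "PSEXESVC":
            yield datetime.fromisoformat(ts), host.upper(), account.lower()

def psexec_fanout(text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} where one account installed PSEXESVC
    on at least min_hosts distinct hosts inside a sliding time window."""
    by_account = defaultdict(list)
    for when, host, account in parse_events(text):
        by_account[account].append((when, host))
    alerts = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the left edge until the span fits inside `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {h for _, h in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in alerts.items()}

if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: PSEXESVC on {len(hosts)} hosts: {hosts}")
```

The threshold and window are tuning knobs: legitimate administrators also use PsExec, so the signal is the fan-out from a single account, not the presence of the service on one machine.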
Ping
Where’s the Computer Czar?
Obama’s fault.
Any scans out there to find these??
Hmmm... the IT people at the bank where my spouse is employed just pushed out an emergency security patch to both their local and remote users.
Idunno. I’d go hunting on the site of the security company featured in the article, or google it up.
I bank online, but not in Windows. Neither do I key in my account names and passwords.