Hundreds of thousands to possibly a million computers are believed to be infected with Clampi, a Trojan that was discovered to be stealing banking and other log-in credentials from hijacked systems.
Security researcher Joe Stewart of SecureWorks has traced Clampi back to 2007 and revealed that it has been stealing log-in credentials since then. The Clampi Trojan infects computers through drive-by downloads, which install code when a user visits a website hosting malicious code that exploits vulnerabilities in ActiveX or Flash plug-ins.
The Clampi Trojan is also known as Rscan, Ligats and Ilomo. Recently, Clampi has spread through Microsoft-based networks in a manner similar to a worm. Clampi goes undetected by using encryption methods and acts as a proxy server, allowing criminals to stay anonymous when logging into stolen accounts online.
Stewart, the director of malware research for SecureWorks' counter threat unit, has identified 1,400 websites out of 4,500 that are currently targeted by the Clampi attack. The targeted sites include government, military, banking, online casino, stock brokerage and credit card company websites. The criminals behind Clampi are believed to be located in Eastern Europe, based on the various techniques used to form and spread this botnet.
The biggest threat to home PC users is unfortunately a botnet or a computer parasite that is designed to steal login credentials. This is mainly because a large percentage of home PC users use their systems to access online banking accounts. Many home PC users rely solely on antivirus or security suite applications to catch every type of infection that they encounter. They do this not knowing that sophisticated infections, such as Clampi, are designed to go undetected by most, if not all, antivirus programs.
It was not so long ago that the Conficker worm was able to infect millions of systems around the world, as it was not detectable by many antivirus or antispyware applications. The Clampi Trojan may become just as serious as Conficker by infecting millions of computers as well. One of the major differences with Clampi is that we already know what it is capable of. Just recently, as reported by The Washington Post, the Clampi infection was found to be behind a theft of close to $75,000 from Slack Auto Parts, located in Georgia.
Will Clampi be the next Conficker? Do you suspect the Clampi Trojan will be used to score millions of dollars from large groups of unsuspecting computer users?