Clampi Worm Puts Online Financial Transactions at Risk

With security researchers focused on the Black Hat security conference, a Trojan called Clampi is still making its way across the Web looking for victims. Also known as Ligats, Ilomo or Rscan, Clampi is a Trojan that aims to steal credentials from infected systems. According to SecureWorks, hundreds of thousands of Windows computers may already be infected and many more are at risk. In one recent example, an auto-parts store lost about $75,000 to a group of attackers leveraging the power of Clampi in early July. Although Clampi is not a new threat — it has been harassing Windows users since 2007 — security researchers report it is gaining momentum. Joe Stewart, SecureWorks director of malware research for the counter threat unit, launched an in-depth investigation into the Trojan and its use of the psexec tools to spread earlier this year. What he discovered is troubling. “In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion,” Stewart said.

How Clampi Attacks

Stewart has identified 1,400 of the 4,500 Web sites in 70 different countries that Clampi attackers are targeting. The Clampi Trojan, he reported, requests information specifically from these sites via infected computers. A sophisticated organized-crime group from Eastern Europe is running Clampi and has been implicated in numerous high-dollar thefts from banking institutions. “Clampi’s recent success in infecting victims is accomplished by using domain-administrator credentials — either stolen by the Trojan or reused, or by virtue of the fact that a domain administrator has logged into an already infected system. Once domain-administrator privileges are granted, the Trojan uses the SysInternals tool psexec to copy itself to all computers on the domain,” Stewart said. “Clampi also serves as a proxy server used by criminals to anonymize their activity when logging into stolen accounts.” Although most major antivirus engines should detect Clampi and its…
