19 October 2017

Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

30 July 2009  |  9987 views  |  0 comments

A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks.

Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet", says Joe Stewart, director of malware research at SecureWorks' counter threat unit.

Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites is visited. If a victim uses one of these sites - which include those of banks, credit card companies, stock brokerages and insurance firms - it captures sensitive information such as usernames, passwords and PINs.

Stewart claims to have so far identified 1400 affected sites in 70 different countries.

Stewart says Clampi is operated by a "serious and sophisticated" organised crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions.

Its recent success in infecting victims has been achieved by using domain administrator credentials - either stolen by the Trojan or re-used - or by virtue of a domain administrator having logged into an already infected system.

Once domain administrator privileges are granted, the Trojan uses the SysInternals tool "psexec" to copy itself to all computers on the domain. In addition, it serves as a proxy server used by criminals to cloak their activity when logging into stolen accounts.
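
For defenders, the psexec spread described above leaves a trace: by default PsExec installs a service named PSEXESVC on each target, which Windows records as System-log event 7045. The following is an added example (not from the article or from SecureWorks) that flags an account installing that service on many hosts in a short window; the record layout, host and account names and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records shaped like exported System-log event 7045
# ("A service was installed"): (time, target host, service name, installing
# account). Field layout, hosts and accounts are assumptions for illustration.
EVENTS = [
    ("2009-07-30T09:00:05", "WS-011", "PSEXESVC", "CORP\\da-admin"),
    ("2009-07-30T09:00:41", "WS-012", "PSEXESVC", "CORP\\da-admin"),
    ("2009-07-30T09:01:17", "WS-013", "PSEXESVC", "CORP\\da-admin"),
    ("2009-07-30T09:01:52", "WS-014", "PSEXESVC", "CORP\\da-admin"),
    ("2009-07-30T09:02:10", "WS-012", "BackupAgent", "CORP\\da-admin"),
    ("2009-07-30T10:15:00", "SRV-02", "PSEXESVC", "CORP\\helpdesk1"),
    ("2009-07-30T12:40:00", "SRV-07", "PSEXESVC", "CORP\\helpdesk1"),
]


def psexec_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Map each account to the hosts it pushed PsExec to, if it reached at
    least min_hosts distinct hosts inside one sliding time window."""
    installs = defaultdict(list)
    for ts, host, service, account in events:
        # PSEXESVC is PsExec's default service name; a renamed service
        # would need matching on other fields, so treat this as one signal.
        if service.upper() == "PSEXESVC":
            installs[account].append((datetime.fromisoformat(ts), host))

    flagged = {}
    for account, seen in installs.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Shrink the window until it spans no more than `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            hosts = {host for _, host in seen[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in flagged.items()}


if __name__ == "__main__":
    for account, hosts in psexec_fanout(EVENTS).items():
        print(f"{account}: PsExec service installed on {len(hosts)} hosts: {hosts}")
```

The two helpdesk installs, hours apart, stay below the threshold, while the burst from the domain administrator account is reported.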
