
Bank data-stealing Trojan infects hundreds of thousands of PCs - researcher

30 July 2009

A "tremendous" amount of financial data has been stolen by a Trojan that has infected hundreds of thousands of corporate and personal PCs, according to information security specialist SecureWorks.

Clampi, also known as Ligats, Ilomo or Rscan, has spread across Microsoft networks in a "worm-like fashion" and is "one of the largest and most professional thieving operations on the Internet", says Joe Stewart, director of malware research at SecureWorks' counter threat unit.

Once it has infected a PC, the Trojan monitors Web sessions to see if one of 4500 targeted sites is visited. If a victim uses one of these sites - which include those of banks, credit card companies, stock brokerages and insurance firms - it captures sensitive information such as usernames, passwords and PINs.

Stewart claims to have so far identified 1400 affected sites in 70 different countries.

Stewart says Clampi is operated by a "serious and sophisticated" organised crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions.

Its recent success in infecting victims has been achieved by using domain administrator credentials - either stolen by the Trojan or re-used, or by virtue of the fact that a domain administrator has logged into an already infected system.

Once domain administrator privileges are granted, the Trojan uses the SysInternals tool "psexec" to copy itself to all computers on the domain. In addition, it serves as a proxy server used by criminals to cloak their activity when logging into stolen accounts.
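
A defender's view of the psexec spread described above, as an added example that is not part of the original article or SecureWorks' research: it flags one account installing the PsExec service on many hosts in a short window. It assumes PsExec's default remote service name (PSEXESVC) and Service Control Manager event 7045 (service installed); the record layout, host names, accounts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs), simplified to:
# time, host, event ID, service name, installing account
SAMPLE_EVENTS = """\
2024-01-15T09:00:05,WS-001,7045,PSEXESVC,CORP\\da-admin
2024-01-15T09:00:09,WS-002,7045,PSEXESVC,CORP\\da-admin
2024-01-15T09:00:14,WS-003,7045,PSEXESVC,CORP\\da-admin
2024-01-15T09:00:21,WS-004,7045,PSEXESVC,CORP\\da-admin
2024-01-15T09:02:00,WS-010,7045,Spooler,NT AUTHORITY\\SYSTEM
2024-01-15T11:30:00,SRV-01,7045,PSEXESVC,CORP\\helpdesk
2024-01-15T15:45:00,SRV-02,7045,PSEXESVC,CORP\\helpdesk
"""

def parse_events(text):
    """Yield (timestamp, host, event_id, service, account) per record."""
    for line in text.strip().splitlines():
        ts, host, event_id, service, account = line.split(",")
        yield datetime.fromisoformat(ts), host, int(event_id), service, account

def psexec_fanout(text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts within one time window."""
    by_account = defaultdict(list)
    for ts, host, event_id, service, account in parse_events(text):
        # 7045 = "A service was installed"; PSEXESVC is the default name only,
        # so a renamed service needs a different match (e.g. on the binary).
        if event_id == 7045 and service.upper() == "PSEXESVC":
            by_account[account].append((ts, host))

    alerts = {}
    for account, installs in by_account.items():
        installs.sort()
        start = 0
        for end in range(len(installs)):
            # Slide the window start forward until it spans <= window.
            while installs[end][0] - installs[start][0] > window:
                start += 1
            hosts = {h for _, h in installs[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in alerts.items()}

if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS).items():
        print(f"PsExec fan-out by {account}: {', '.join(hosts)}")
```

The occasional helpdesk use in the sample stays below the threshold, while the four installs in sixteen seconds by one privileged account are reported.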
