Published in News

Clampi targets company accounts

by on31 July 2009

Image

New worm in town

Cybersecurity
experts are worried about a fast-spreading computer virus that takes deadly aim at financial accounts.

Dubbed Clampi it has infected 500,000 computers since March and it is spreading. Researcher Joe Stewart told cybercrime experts meeting this week at the Black Hat security conference in Las Vegas that AV programs can detect and block Clampi, but the attackers are adept at tweaking it so it gets through.

Clampi is one of a few dozen "banking Trojans" that target online financial transactions. The criminals behind Clampi are going after companies. Windows PCs can pick up the Clampi infection when a user clicks on a tainted Web page, including ones on innocuous-looking legitimate sites that have been hacked.

An infected PC then waits to see if the user logs into personal accounts at any of 4,600 Web pages for a wide array of businesses and government agencies and their banks. It then sets a trap to obtain the user name and password of network administrators who have clearance to access all of an organization's Windows PCs. It logs on as the administrator, then spreads companywide.

Attackers are then able to wire cash transfers to accounts they control using banks' automated clearinghouse (ACH) systems.
Rate this item
(0 votes)