Difference between revisions of "Clampi"
Jump to navigation
Jump to search
m (Text replacement - "=Unknown" to "=") |
|||
| Line 7: | Line 7: | ||
|Target=Microsoft Windows, United States, | |Target=Microsoft Windows, United States, | ||
|Feature=VMProtect, Password theft, | |Feature=VMProtect, Password theft, | ||
|Status= | |Status= | ||
|BeginYear=2005 | |BeginYear=2005 | ||
|EndYear= | |EndYear= | ||
|Group=Stealing, | |Group=Stealing, | ||
|Fonctionnalités=* Vol d'identifiants et mots de passe | |Fonctionnalités=* Vol d'identifiants et mots de passe | ||
Latest revision as of 15:45, 8 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Clampi | |
|---|---|
| Alias | Ligats, Rscan, Ilomo |
| Group | Stealing |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | Microsoft Windows, United States |
| Origin | |
| Distribution vector | |
| UserAgent | |
| CCProtocol | |
| Activity | 2005 / |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Le bot derrière le botnet Clampi (ou Ligats, Rscan, Ilomo) est formé par deux exécutables:
- L'injecteur: voir Ilomo (injecteur)
- L'exécutable principal voir Ilomo (bot)
Les deux sont souvent détectés séparément par les logiciels antivirus.
Features