Clampi/Ligats/Ilomo trojan

From Botnets.fr
Revision as of 16:22, 7 February 2015 by Eric.freyssinet (1 revision imported)

(Publication)

Botnet: Clampi, Ligats, Ilomo, Rscan
Date: 2009 / 29 July 2009
Editor/Conference: DELL SecureWorks
Link: http://www.secureworks.com/research/threats/clampi-trojan/ (Archive copy)
Author: Joe Stewart

Abstract

Clampi (also known as Ligats, Ilomo or Rscan) is a Trojan designed to steal credentials from infected systems. Joe Stewart, SecureWorks Director of Malware Research for the Counter Threat Unit (CTU), first delved into Clampi in 2007 and as a result, SecureWorks successfully implemented countermeasures beginning in 2007 to protect its clients against Clampi.

In early 2009, Stewart decided to launch a full-blown investigation of the very elusive Trojan because of its use of the psexec tools to spread. In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion. Stewart predicts that hundreds of thousands of corporate and home PC users are infected with Clampi. Clampi is stealing a tremendous amount of data, including financial data, via infected corporate and home users.

Bibtex

 @misc{2009BFR855,
   editor = {DELL SecureWorks},
   author = {Joe Stewart},
   title = {Clampi/Ligats/Ilomo trojan},
   year = {2009},
   howpublished = {\url{http://www.secureworks.com/research/threats/clampi-trojan/}},
 }