Clampi/Ligats/Ilomo trojan
(Publication) Google search: [1]
| Clampi/Ligats/Ilomo trojan | |
|---|---|
| Botnet | Clampi, Ligats, Ilomo, Rscan |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2009 / 29 juillet 2009 |
| Editor/Conference | DELL SecureWorks |
| Link | http://www.secureworks.com/research/threats/clampi-trojan/ (Archive copy) |
| Author | Joe Stewart |
| Type | |
Abstract
“ Clampi (also known as Ligats, Ilomo or Rscan) is a Trojan designed to steal credentials from infected systems. Joe Stewart, SecureWorks Director of Malware Research for the Counter Threat Unit (CTU), first delved into Clampi in 2007 and as a result, SecureWorks successfully implemented countermeasures beginning in 2007 to protect its clients against Clampi.
In early 2009, Stewart decided to launch a full-blown investigation of the very elusive Trojan because of its use of the psexec tools to spread. In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion. Stewart predicts that hundreds of thousands of corporate and home pc users are infected with Clampi. Clampi is stealing a tremendous amount of data, including financial data, via infected corporate and home users.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR855,
editor = {DELL SecureWorks},
author = {Joe Stewart},
title = {Clampi/Ligats/Ilomo trojan},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2009},
howpublished = {\url{http://www.secureworks.com/research/threats/clampi-trojan/}},
}