Clampi/Ligats/Ilomo trojan
Clampi/Ligats/Ilomo trojan | |
---|---|
Botnet | Clampi, Ligats, Ilomo, Rscan |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2009 / 29 July 2009 |
Editor/Conference | DELL SecureWorks |
Link | http://www.secureworks.com/research/threats/clampi-trojan/ (Archive copy) |
Author | Joe Stewart |
Type | |
Abstract
“Clampi (also known as Ligats, Ilomo or Rscan) is a Trojan designed to steal credentials from infected systems. Joe Stewart, SecureWorks Director of Malware Research for the Counter Threat Unit (CTU), first delved into Clampi in 2007 and as a result, SecureWorks successfully implemented countermeasures beginning in 2007 to protect its clients against Clampi.
In early 2009, Stewart decided to launch a full-blown investigation of the very elusive Trojan because of its use of the psexec tools to spread. In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion. Stewart predicts that hundreds of thousands of corporate and home PC users are infected with Clampi. Clampi is stealing a tremendous amount of data, including financial data, via infected corporate and home users.”
Bibtex
@misc{2009BFR855,
  editor = {DELL SecureWorks},
  author = {Joe Stewart},
  title = {Clampi/Ligats/Ilomo trojan},
  year = {2009},
  howpublished = {\url{http://www.secureworks.com/research/threats/clampi-trojan/}},
}