Clampi/Ligats/Ilomo trojan

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Clampi/Ligats/Ilomo trojan
Botnet Clampi, Ligats, Ilomo, Rscan
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2009 / 29 juillet 2009
Editor/Conference DELL SecureWorks
Link http://www.secureworks.com/research/threats/clampi-trojan/ (Archive copy)
Author Joe Stewart
Type

Abstract

Clampi (also known as Ligats, Ilomo or Rscan) is a Trojan designed to steal credentials from infected systems. Joe Stewart, SecureWorks Director of Malware Research for the Counter Threat Unit (CTU), first delved into Clampi in 2007 and as a result, SecureWorks successfully implemented countermeasures beginning in 2007 to protect its clients against Clampi.

In early 2009, Stewart decided to launch a full-blown investigation of the very elusive Trojan because of its use of the psexec tools to spread. In recent months, Clampi has successfully spread across Microsoft networks in a worm-like fashion. Stewart predicts that hundreds of thousands of corporate and home pc users are infected with Clampi. Clampi is stealing a tremendous amount of data, including financial data, via infected corporate and home users.

Bibtex

 @misc{Stewart2009BFR855,
   editor = {DELL SecureWorks},
   author = {Joe Stewart},
   title = {Clampi/Ligats/Ilomo trojan},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2009},
   howpublished = {\url{http://www.secureworks.com/research/threats/clampi-trojan/}},
 }