Clampi Virus | Clampi Trojan
The Clampi virus is in the news in a couple of places today. Surprisingly, it has been in Symantec’s virus database since January and is rated as a low risk. However, the sole purpose of this trojan is to monitor your Windows-based computer for connections to more than 4500 different financial-related sites and log any usernames and passwords used to connect. When it finds your login information, it sends it to a server that the trojan or virus writer controls, and they can then transfer money out of your account or accounts.
Apparently this particular piece of malware is quite well written as well, because it is fairly stealthy in its infection of a Windows PC. One of the things tipping users off is its use of an application known as PsExec to find other machines on the local network to infect.
Many of the recommendations for business and home users run along the lines of using a dedicated machine just for your online financial transactions and not using the same machine for browsing the internet or checking email. Unfortunately, for many home users the luxury of having multiple machines is just not practical. I think the use of virtual machines is something that could be an option (although if your host machine is running Windows and infected with a key logger, then your virtual machine usage could also be at risk). There are also suggestions about using alternative operating systems such as Mac or Linux for conducting such transactions. Unfortunately, there are still some banking and finance sites that require Internet Explorer, either intentionally or through poor design.
An article from July indicates that there were around 500,000 estimated infections of this trojan, and like many, it may be undergoing constant modification to evade virus detection signatures. It’s not that Linux and Mac cannot be targeted, but right now they are not, and that gives you an advantage in using them currently. So, if you’re checking email, browsing the web and using social networking sites on the same machine that you pay your bills on, it’s time to start thinking twice about the sites you visit and to make doubly sure your antivirus is up to date and working. Consider even using a bootable live CD as your sandbox environment for logging in to online banking sites; that way you could use the same system without having to buy a computer JUST for that purpose. From what I see, the key logging of the Clampi virus or Clampi trojan wouldn’t persist through a boot to a live CD or second operating system on the PC.