New Trojan virus poses online banking threat

Cyber criminals have created a highly sophisticated Trojan virus that steals
online banking log-in details from infected computers.

The Clampi virus, which is spreading rapidly across hundreds of thousands of
computers in Britain and the United States, infects computers when users
visit websites that host a malicious code.

Once on the computer, the virus sits unnoticed until the user logs on to bank,
credit card or other financial websites. It then captures log-in and
password information and sends it to a server run by the attackers. They can
then tell the compromised computer to send money to accounts that they
control, or they can buy goods with the stolen credit card details.

The trojan has a list of more than 4,500 finance-related websites that it
monitors, including British high street banks. Security experts warned that
it was one of the stealthiest and most pervasive threats to computers using
the Microsoft Windows operating systems.

Orla Cox, security operations manager with Symantec, the online security
company, said: “Clampi is a complex threat. People are only just beginning
to understand how it operates.”

Researchers have found that the list of sites that Clampi is monitoring
includes banks, credit card companies, online casinos, e-mail, wire transfer
services, retail sites, utilities, share brokerages, mortgage lenders and
government sites.

Ms Cox said: “The first big wave was in the US in July, but it is spreading
around the world, particularly English-language countries. We have seen
samples of it targeting UK high street banks. There is potential for another
wave to come.”

It is estimated that more than 1,000 out of 40,000 or more infected computers
have been in Britain. Only computers running Microsoft Windows are affected.
Most of the infections seem to have occurred among small and medium-sized
businesses, many of which have been reluctant to reveal how they have fallen
victim.

In America, $75,000 (£46,000) was stolen in July from Slack Auto Parts, a car
parts supplier in Gainesville, Georgia. In August, criminals used Clampi to
steal online banking details for the public school district in Sands Spring,
Oklahoma. The attackers then submitted a series of false payroll payments,
totalling more than $150,000.

The attack was one of a series on American schools in which criminals hired
unsuspecting money mules — people who transfer money or fraudulently
obtained high-value goods — to receive the transfers of stolen cash and then
wire the money out of the country. Cyber criminals stole more than $700,000
from the Western Beaver School District in 74 fraudulent electronic
transfers, The Washington Post reported.

Clampi is one of a new wave of viruses to target the online banking system.
Its emergence came as security experts warned that malicious websites hiding
trojan viruses were no longer confined to sites such as gambling and
pornography.

A recent report by IBM security systems found an increase in malicious content
such as viruses on trusted sites, including popular search engines, blogs,
online magazines and mainstream news sites. The number of links to malicious
web pages rose by more than 500 per cent in the first half of this year.
Last week, attackers placed a virus in an advert on the website of The
New York Times.

Trojan viruses such as Clampi accounted for 55 per cent of all new malicious
software in the first half of the year, IBM said, up from 46 per cent for
the same period last year. Researchers say that variants of Clampi — also
known as Ligats or Ilomo — have been around since 2005, but the new version
appears to be spreading more quickly.

Heading off hackers

Do not click on suspicious links to unknown sites within e-mails, instant
messages or social networking sites

Be cautious about doing business with unknown e-commerce sites and always use
a credit card, not a debit card

Install a comprehensive security solution and keep it up-to-date

Use a security solution that offers browser protection and a website rating
service Browser protection will block questionable downloads from getting on
to your computer, and website rating services can warn you if a site is
infected

Secure your wi-fi connection with a strong password to ensure that others
cannot connect to your network and access data stored on your computer

Any user whose system has been infected by Clampi should immediately change
any and all passwords used on that system for any websites, but particularly
financial credentials

Source: Symantec