Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses (Dark Reading, 7/29/09)

A security researcher has discovered a Trojan that is designed to extract account data from as many as 4,600 of the world’s most popular and wealthy businesses. In “one of the largest and most professional thieving operations on the Internet,” a Trojan called Clampi (also known as Ligats, Ilomo, or Rscan) has spread across Microsoft networks in a worm-like fashion, and may already have infected hundreds of thousands of corporate and home PC users, according to SecureWorks researcher Joe Stewart, one of the world’s foremost authorities on botnets and targeted attacks.

“We weren’t all that worried about Storm, and we weren’t all that worried about Conficker,” Stewart says. “This one you need to worry about.” The Trojan uses PsExec — a popular, lightweight Telnet replacement tool that lets one system execute processes on other systems — and a sophisticated process of encryption and packing to hide its origins and targets. So far, Stewart says, the Trojan appears to be targeting 4,600 Websites, of which he has identified approximately 1,400 in 70 countries. Among the industries being targeted are banks, credit card companies, stock brokerages, insurance, retail, advertising networks, and utilities.

About Tim McDowell

Colorado ACFEI Member's Homeland Security Weblog