Clampi Virus targets online banking
In the modern world, most people never see their bank (with the exception of ATM withdrawals). We use bill pay, direct deposit and bank debit cards. This is the exact behavior that the Clampi virus is living on.
Clampi is a very stealthy virus, just biding its time on a compromised machine and watching for connections to online financial websites. So much so that the London Times Online reports:
The trojan has a list of more than 4,500 finance-related websites that it monitors, including British high street banks. Security experts warned that it was one of the stealthiest and most pervasive threats to computers using the Microsoft Windows operating systems.
The virus appears to be geared more toward business users than the normal home user (though it does infect home users). If the virus does end up on a work computer, it will attempt to capture administrators' login credentials and spread itself through the network. As it spreads, it continually monitors for login information to the watch list of financial websites. If this virus does infect the finance group of a company, it will attempt to send wire transfers from that account. You can ask Slack Auto Parts. It has been reported that they lost $75,000 July 3–7, says owner Henry Slack. Clampi-infected computers sent nine payments to six different mules, and failed to transfer an additional $69,000 in eight other attempts.
A word of warning: if your computer is designated for financial usage, please do not use it to surf the internet or visit social media sites, so as to minimize the risk of infection.
Since this virus has been out for a while, all the major antivirus vendors have updated definition files that include the scan for this particular virus. Make sure your system is always updated and scanned on a regular basis. If you would like to run a quick check, using a different vendor, I recommend these online scanners:
TrendMicro: http://housecall65.trendmicro.com/
Symantec: http://security.symantec.com/sscv6/WelcomePage.asp
McAfee: http://home.mcafee.com/downloads/freescan.aspx?cid=60447
Panda: http://www.pandasecurity.com/activescan/index/
When is an antivirus really a virus?
Today I received a call from one of my external users that was unable to access any websites because some new antivirus was saying he was unprotected and every website had malicious code.
Since I know that we have McAfee 8.5 deployed to our users, I knew that this was not a McAfee issue. As we discussed it a little further he was mentioning that the Antivirus wanted him to purchase the software.
This isn’t the first I have heard of this. There is a software company, Innovagest 2000, that is producing this software. They advertise it as an antispyware application, but it is the spyware. On some less than savory websites you will get a pop-up that says that your computer may be infected, and they offer a free scan.
The fear of being infected motivates a lot of people to run this free scan. Unknown to them, this application installs underneath, and now you are stuck. On that note, I do recommend only doing the online scans from reputable sites. I personally recommend the following: Symantec, Panda, and McAfee.
This application is extremely hard to get rid of. It re-registers and reinstalls itself if it is not completely uninstalled.
I hate programs like this. But it is a fact of life out there. The modern day snake-oil salesman.
While the program is running you will see the following undesirable behavior:
- A “Windows Security Center” stating that you should purchase Personal Antivirus.
- Numerous alerts stating that your computer is under attack or that you have malware running on your computer. If you click on these alerts, Personal Antivirus will be installed, or you will be brought to the purchase page for the program.
- Your Internet Explorer browser will be hijacked to show security warnings when browsing the web that stop you from reaching your desired page.
As I mentioned before, this bugger is very hard to get rid of. But not impossible. I found these instructions at BleepingComputer.com.
New Computer Security Mistakes
I wanted to pass on what I see as some of the top computer security mistakes that most casual computer users make when first setting up a new computer:
- Putting an unprotected, newly imaged computer on the internet. Before connecting any computer to the internet, you will want to install at least an antivirus and make sure that the built-in Windows firewall is turned on. I personally have a DVD with a lot of first-install applications on it. This includes Comodo Antivirus, Comodo Firewall, Windows XP Service Pack 3 (Network Admin Installer), and Vista Service Pack 2 (Network Admin Installer), as well as a few other odds and ends. I run these installs before I ever connect my machine to the wireless network. I know the virus definition files for the antivirus will be outdated, but that is corrected shortly.
- Not running updates as soon as online. After installing all the applications mentioned above, I get my system on the network, run updates on my antivirus software, and then run Windows Update. This is a very important step. Just because an antivirus is installed or the latest Service Pack applied, it does not mean you are protected. With more and more vulnerabilities and viruses being released daily, it is a never-ending battle to keep yourself protected. Not only should you worry about the security software; for any application you install, please run all the updates.
- Setting your primary login ID as an administrator. I know this one is hard, but it has been brought to my attention, and rightfully so, that it is not recommended. An administrator account has unlimited rights and power on a computer. You can create a separate user and make it a power user. For the Administrator account, you should rename it from Administrator and put a secure password on it. Also, disable the guest account on your system as a safety measure.
- Password, Password, Password, and did I mention password? I know this is your home computer and you wonder who would get into it. Well, since the computer has become so integrated in our lives, we store everything on there: bank information, important documents, tax information, family information, and on and on. If your computer gets stolen, someone else now has all of that information. If you do not have a secure password (see earlier posting), then it’s easy for them to get in.
- Disk Encryption. This is a topic I will discuss more in depth in the next few days. There are many free drive encryption applications available that are very, very good. The reason for this encryption is so that if someone comes in and just grabs your drive out of your computer (less than 3 minutes for the most part), your data is secured. See item 4.
- Wireless Network Security. Again another topic I will get into later, but for the most part I can sum it up quickly. If you get a brand new wireless router, the defaults are the same. The same IP address, the same root password, the same SSID (Network name). With this information anyone in your area can get into your network. There are some things you can do to protect yourself and I plan on discussing it later, including what some recommended settings are. So please check back.
I hope that you found this information useful. Questions, comments and feedback are always welcome.
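The checklist above can be checked on a freshly set up machine with a read-only audit; this is an added example, not part of the original post. It assumes Windows 10 or 11 with PowerShell 5.1 (these cmdlets do not exist on the XP and Vista systems mentioned above) and checks BitLocker as one possible disk-encryption product; the function name `Test-NewPcBaseline` is hypothetical.

```powershell
# Added example: read-only audit of the new-computer checklist.
# Assumptions: Windows 10/11 client, PowerShell 5.1+, standalone (non-domain) PC.
function Test-NewPcBaseline {
    $r = [ordered]@{}

    # Firewall: every profile (Domain, Private, Public) must be enabled.
    $off = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -ne 'True' }
    $r['Firewall enabled on all profiles'] = -not $off

    # Antivirus: at least one product registered with Windows Security Center.
    $av = Get-CimInstance -Namespace root/SecurityCenter2 `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    $r['Antivirus product registered'] = [bool]$av

    # Built-in accounts are found by the fixed RID at the end of the SID
    # (500 = Administrator, 501 = Guest), so a rename does not hide them.
    $users = Get-LocalUser
    $admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    $r['Built-in Administrator renamed'] = $admin.Name -ne 'Administrator'
    $r['Guest account disabled'] = -not $guest.Enabled

    # Daily login should not sit in local Administrators (S-1-5-32-544).
    # Only direct membership is checked, not membership via nested groups.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $adminSids = (Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value
    $r['Current user is not an administrator'] = $adminSids -notcontains $me

    # Disk encryption: BitLocker only; needs an elevated prompt to query.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $r['System drive protected by BitLocker'] = $vol.ProtectionStatus -eq 'On'
    } catch {
        $r['System drive protected by BitLocker'] = $null  # could not be checked
    }

    # One row per check; Pass is $true, $false, or empty when not checkable.
    foreach ($name in $r.Keys) {
        [pscustomobject]@{ Check = $name; Pass = $r[$name] }
    }
}

Test-NewPcBaseline | Format-Table -AutoSize
```

An empty `Pass` value for the BitLocker row means the check could not run (not elevated, or BitLocker is not installed), which is different from a drive that is known to be unencrypted; a third-party encryption tool will not be detected by this check.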

