Clampi Malware Protection
Wednesday, August 5, 2009 23:47
It is usually not the purpose of this blog to write about every type of virus or malware that is discovered–there are plenty of websites out there that do a good job of that. Sometimes, however, I do like to make note of malware that I feel can affect your business in a broad way. I wrote about the Conficker worm back in May of this year for similar reasons. Some of the security measures that I mention in both articles will help protect your business from a variety of malware, not just the ones noted in these two articles.
Recently a number of articles came out about a Trojan which was named Clampi. One of the reasons I thought it important to touch on this particular Trojan is that Joe Stewart from SecureWorks stated that it is “one of the most professional thieving pieces of malware” he had ever seen. The Trojan is written so that it will grab log-in information for almost 4500 websites. So far, researchers have identified sites including mortgage, insurance, on-line casinos, news sites, banks, military portals and other similar types of operations. Most other Trojans are set up to identify and grab log-in information for fewer than 50 websites. The capabilities of this Trojan appear to be more than your run-of-the-mill piece of malware.
What is Clampi?
Clampi is a Trojan that infects Windows-based computers. Symantec noted that it can affect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP. It was originally discovered back in January of 2008 but was updated in July of 2009. Symantec has seen an increase in infected computers since the beginning of July of this year. The purpose of the software is to steal log-in information from a variety of applications and send it to the attacker, which is really no different from so many other types of malware. Bottom line–it was developed to steal money. There have been a few identified cases of businesses that have had money stolen due to this piece of malware. For example, one business lost approximately 75,000 dollars due to Clampi. The details are sketchy, but it appears that the Trojan was on one of the company’s computers for over a year before the money was stolen from the company’s bank account.
How Do I Get Clampi?
Like most malware, you can get the virus by opening an e-mail attachment or through the exploitation of a known Windows vulnerability. It has also been noted that it appears it can be installed on a computer with a drive-by download, meaning that when you view an infected web page, it is installed on your computer. Again, none of these features are unique to this Trojan. Some researchers have even stated that a computer can become infected from a USB drive (flash drive) when it is connected to a computer’s USB port.
Protecting Against Clampi!
As always, there are a number of measures you should take to protect your business from this type of malware, some of which are specific to this particular Trojan. Let’s look at some measures or steps you can take:
- Disable autoplay so executable files cannot run automatically when a USB or flash drive is plugged into the computer.
- Keep your computer updated with the latest security patches. This helps with a number of security issues beyond just these types of drive-by Trojans.
- Configure your e-mail server to block or remove attachments from e-mail, especially for .vbs, .bat, .exe, .pif, and .scr files.
- Set up one computer that you would use just for financial transactions such as bank or broker accounts. The computer would have to run minimal services and not be used for any other web-surfing activities. You would also have to isolate it from the rest of the network.
- Use a variety of anti-virus, spyware and malware programs. It is being debated whether security software is effective against this particular Trojan, but Symantec does have a virus definition for it. I would presume other companies do as well.
- Run anti-malware software from a bootable CD.
- As with most e-mail, don’t trust just the From address because this can be forged. Always verify the source of the e-mail if you are suspicious.
- One researcher also suggested that you open attached Microsoft Office files in Open Office first. This is a neat idea, and Open Office is available as a free download for both Windows and Linux. I use Open Office quite a bit.
- To protect against drive-by downloads, you can use Sandboxie or a similar program to reduce the chance of spyware and malware being installed on your computer while surfing the internet.
- To keep up on what vulnerabilities you have on your computer, you can use Secunia Online Inspector. This on-line scanner will inform you if all the latest Windows patches have been installed along with detecting insecure versions of about 100 software applications.
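An attachment filter of the kind the third measure above recommends, as an added example (not code from this post or from any mail-server product). It builds a constructed message in-line and flags the listed extensions wherever they appear in a filename, which also catches double-extension names such as statement.pdf.scr that a last-extension-only check would pass.

```python
from __future__ import annotations

from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The extensions named in the post; a real deployment would extend this set.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_suffixes(filename: str) -> set[str]:
    """Return every blocked extension found anywhere in the filename.

    All suffixes are checked, not just the last one, so a disguised name
    such as 'statement.pdf.scr' is caught. Case and surrounding
    whitespace are normalised first.
    """
    name = filename.strip().lower()
    return set(PurePosixPath(name).suffixes) & BLOCKED_EXTENSIONS


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Parse a raw RFC 822 message and return (filename, extension) findings.

    An empty list means the message carries no attachment matching the
    policy; anything else is grounds for rejecting or stripping the part.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings: list[tuple[str, str]] = []
    for part in msg.iter_attachments():  # non-body MIME parts only
        name = part.get_filename() or ""
        for ext in sorted(blocked_suffixes(name)):
            findings.append((name, ext))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one benign and one disguised attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached statement.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))  # [('statement.pdf.scr', '.scr')]
```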
There are instructions on a variety of websites that show how to remove this particular Trojan from a computer, but they are too long for this post. Symantec has a set of Clampi Removal instructions that are pretty easy to understand.
Scan your computers for this Trojan and remove it if found. Make sure it is completely removed before using the computer for business purposes. If you have any other ideas or input on this Trojan or protecting computers from malware, comment below and share with the rest of the readers.