New worm in town
Cybersecurity experts
are worried about a fast-spreading computer virus that takes deadly aim at
financial accounts.
Dubbed Clampi it has infected 500,000 computers since
March and it is spreading. Researcher Joe Stewart told cybercrime experts
meeting this week at the Black Hat security conference in Las Vegas that AV
programs can detect and block Clampi, but the attackers are adept at
tweaking it so it gets through.
Clampi is one of a few dozen "banking
Trojans" that target online financial transactions. The criminals behind
Clampi are going after companies. Windows PCs can pick up the Clampi
infection when a user clicks on a tainted Web page, including ones on
innocuous-looking legitimate sites that have been hacked.
An infected PC
then waits to see if the user logs into personal accounts at any of 4,600
Web pages for a wide array of businesses and government agencies and their
banks. It then sets a trap to obtain the user name and password of network
administrators who have clearance to access all of an organization's
Windows PCs. It logs on as the administrator, then spreads
companywide.
Attackers are then able to wire cash transfers to accounts they
control using banks' automated clearinghouse (ACH) systems.