Thursday, July 30, 2009

Separate Machines Needed for Web Surfing and Transactions

A renowned researcher has stated our case:

"The best strategy to defend against Clampi is to use separate machines for Web surfing and funds transfer"

- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.


"Using Windows, it's too dangerous to do transactions on the same machine you do for Web surfing," he says. "You can't have any crossover between them."

Editor's Note: Looks to me like the message we've been trying to get out for 15 months is finally getting out. When one of the world's foremost authorities on web security says the only way to protect against Clampi is to use two separate machines, we agree 100%. After all, it was HomeATM that has stated unequivocally since day one that people should use "separate machines" for Web surfing and financial transactions. That's why we created ours. The fact that it is PCI 2.x and TG-3 certified only strengthens the case for using it. You surf the web on one machine (the PC) and conduct financial transactions on another (our SafeTPIN device).

DarkReading

LAS VEGAS -- BLACK HAT USA 2009 -- A security researcher has discovered a Trojan that is designed to extract account data from as many as 4,600 of the world's most popular and wealthy businesses.

In "one of the largest and most professional thieving operations on the Internet," a Trojan called Clampi (also known as Ligats, Ilomo, or Rscan) has spread across Microsoft networks in a worm-like fashion, and may already have infected hundreds of thousands of corporate and home PC users, according to SecureWorks researcher Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.

"We weren't all that worried about Storm, and we weren't all that worried about Conficker," Stewart says. "This one you need to worry about."



The Trojan uses PsExec -- a popular, lightweight Telnet replacement tool that lets one system execute processes on other systems -- and a sophisticated process of encryption and packing to hide its origins and targets. So far, Stewart says, the Trojan appears to be targeting 4,600 Websites, of which he has identified approximately 1,400 in 70 countries.
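The PsExec-based spread described above leaves a trace a defender can look for on each endpoint: PsExec copies its service binary to the target's ADMIN$ share (the Windows directory) and registers it, which Windows records as a System event 7045 service installation. The following is an added example, not code from the Dark Reading article or from SecureWorks; the key=value log export format and the hosts in it are constructed, and the "same-named binary in the Windows root" rule for renamed copies is a heuristic assumption.

```python
"""Flag PsExec-style service installs in Windows System event 7045 records.
PsExec copies its service binary to the target's ADMIN$ share (the Windows root)
and registers it, which Windows logs as event 7045 "A service was installed".
The export format and hosts below are constructed for this example."""
import re
from dataclasses import dataclass
from typing import Optional

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# Image path directly in the Windows root (what ADMIN$ maps to), e.g. %SystemRoot%\X.exe
WIN_ROOT_EXE = re.compile(r"^(?:\\\\\?\\)?(?:%SYSTEMROOT%|[A-Z]:\\WINDOWS)\\([^\\]+)\.EXE$", re.I)
SAMPLE_LOG = """\
host=WS-012 event_id=7045 service=PSEXESVC image=%SystemRoot%\\PSEXESVC.exe account=LocalSystem
host=WS-012 event_id=7036 service=Spooler state=running
host=WS-034 event_id=7045 service=Print Spooler Helper image=C:\\Program Files\\Vendor\\helper.exe account=LocalSystem
host=WS-051 event_id=7045 service=svc-9f2a image=\\\\?\\C:\\Windows\\svc-9f2a.exe account=LocalSystem
"""

@dataclass
class ServiceInstall:
    host: str
    service_name: str
    image_path: str
    account: str

def parse_installs(log_text: str) -> list[ServiceInstall]:
    """Keep only 7045 (service created) records and pull out the fields we need."""
    installs = []
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("event_id") != "7045":
            continue
        installs.append(ServiceInstall(f["host"], f["service"], f.get("image", ""), f.get("account", "")))
    return installs

def classify(ev: ServiceInstall) -> Optional[str]:
    """Return why the install looks like PsExec, or None if nothing matched."""
    if "PSEXESVC" in ev.service_name.upper() or "PSEXESVC" in ev.image_path.upper():
        return "stock PsExec service name or binary"
    # Heuristic (assumption): a renamed copy still drops <name>.exe into the
    # Windows root and registers a same-named service running as LocalSystem.
    m = WIN_ROOT_EXE.match(ev.image_path)
    if m and m.group(1).lower() == ev.service_name.lower() and ev.account.lower() == "localsystem":
        return "same-named service binary dropped in Windows root"
    return None

def find_psexec_installs(log_text: str) -> list[tuple[str, str, str]]:
    """(host, service name, reason) for every suspicious 7045 record."""
    return [(ev.host, ev.service_name, r) for ev in parse_installs(log_text) if (r := classify(ev))]

if __name__ == "__main__":
    print(find_psexec_installs(SAMPLE_LOG))
```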

Those 1,400 sites include some of the most popular and financially lucrative companies in the world. "This thing is like the Dun & Bradstreet of the underground hacking world," Stewart says. "It's attacking the sites with the most users and the most money." Among the industries being targeted are banks, credit card companies, stock brokerages, insurance, retail, advertising networks, and utilities.


Clampi is operated by a "serious and sophisticated organized crime group from Eastern Europe" and already has been implicated in numerous high-dollar thefts from banking institutions, Stewart says. "This attack is not being sold underground," he says. "You can't buy a Clampi kit like you can for other Trojans."

Clampi generally can avoid detection by antivirus software, and it even has the ability to discover which AV software a PC is using and take steps to avoid it, Stewart says. Enterprises currently can block Clampi with an intrusion prevention system, but Stewart says he doesn't expect that defense to last very long before the Trojan adapts.

The best strategy to defend against Clampi -- and other attacks that use a similar approach -- is to use separate machines for Web surfing and funds transfer, Stewart says. "Using Windows, it's too dangerous to do transactions on the same machine you do for Web surfing," he says. "You can't have any crossover between them."

Read the Entire Article at Dark Reading