Need to Know: The ‘Clampi’ online banking Trojan

Clampi isn’t new, and it is only one of a number of serious threats to UK online banking users. We look at the facts in this cheat sheet.

A Trojan virus called Clampi' has been reported by the national papers as being a new' threat, but in reality it's just one of the botnets already out there targeting businesses and individuals.

What is it?

Claimpi is a Trojan. It works by infecting a computer when a user visits a website that hosts malicious code.

It sits unnoticed on an operating system until a user logs on to a banking website, and sends the details to a server run by criminals that can take advantage of associated account details.

When was it born?

Contrary to reports, Clampi is not new. In fact, it has been around in one guise or another since 2005.

Is there anything particularly new about it?

Security company Symantec says that it is still researching Clampi but couldn't say there was anything new or different about the threat that wasn't already known in the security world.

"The Clampi virus might be the next big threat' for computer users, but it has actually been around in one guise or another since 2005," said Rob Cotton, chief executive of NCC Group.

How much of a threat is it?

Rik Ferguson, solutions architect at Trend Micro, doesn't see anything particularly unique or new about Clampi that researchers have uncovered to make it the next big threat'.

Many reports have suggested that Clampi is a nationwide threat. But Ferguson thinks it is not unique in that respect. "To be honest, that can be said about botnets in general," he said.

"Botnets are definitely the delivery platform of choice for cyber crime because it allows them to operate in a distributed fashion. It allows them to benefit from things like high availability and economies of scale that legitimate businesses can benefit from."

He added: "[Criminals] keep repacking and modifying the code to fly under the radar of signature based detection."

What can I do to protect against Clampi and other threats?

Common sense thinking appears to be the order of the day, according to security experts.

"As with most of these nationwide threats', a little common sense goes a long way keep your security systems up to date, don't click on suspicious links, change your passwords regularly," advised Cotton.

Matt Hampton, chief technical officer at Imerga, said that consumers and businesses should use simple measures such as anti-virus and firewalls, as well as the appropriate Microsoft security patches.

"Additionally, online bankers should use a bank that uses two-factor authentication before allowing bank transfers," he said.

"This means that your password is never the same, so the snooping would only allow the malicious individual to transfer money between your existing accounts."

Want to read more background on the latest IT topics? Click here for all the tech cheatsheets in our Need to Know series.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021