The Clampi Trojan, believed to have infected hundreds of thousands of machines, basically functions as a botnet under the command-and-control of a botmaster, probably in Eastern Europe, Stewart says.
As a botnet, it is sweeping up victims' sensitive personal data and sending it back through a set of command-and-control servers to cybercriminals. Clampi seems to have picked up speed in its spread since July and may be the Trojan used in a cybertheft scam that hit Gainesville, Ga.-based Slack Auto Parts earlier this month.
Clampi's command-and-control traffic is encrypted with 448-bit Blowfish, using a randomly generated session key that is sent to the control server under 2,048-bit RSA encryption. SecureWorks got through the encryption layer by intercepting the session key on a test system and decrypting the network traffic. This allowed the security firm to examine the list of Web sites targeted by a module that's part of Clampi.
How can you defend yourself against Clampi?
“There is no product you can buy to stop this as a zero-day attack,” Stewart says, though he added that antivirus software might eventually detect it and stop it later on your machine.
He recommended finding a way to use a “separate system” to conduct financial transactions, one that is not the same system you might use to browse the Internet. That would lower the risk of being infected by the Clampi Trojan.