Threat of the month: Clampi/Ligats

October 9, 2009

What is it?
Clampi (aka Ligats or Ilomo) is an information theft botnet. The malcode is a multicomponent tool that injects code into running processes, alters the PC's configuration and, once established, begins to harvest and send sensitive information from the PC to its handlers.
How does it work?
Clampi is usually distributed via exploits against Adobe client-side code. A user is lured to a website that contains exploits for known vulnerabilities in the Flash or PDF browser extensions, causing the PC to download and install the malware.
Should I be worried?
Yes. Clampi is reportedly installed on hundreds of thousands of PCs and is used to actively harvest information from its victims.
How can I prevent it?
Organizations should ensure that all Adobe products on their PCs are patched against the latest vulnerabilities. Continuously updated AV will help prevent the installer from working. Finally, running as a lower-privilege user will prevent the malware installer from modifying the system and installing itself.

