'Super dangerous' malicious code detected
Security researchers have discovered an extremely malicious strain of malware that has infected millions of PCs and stolen user information from them.
'Targeting' 4,500 websites
Joe Stewart, director of SecureWorks' malware research division, affirmed: 'Clampi is the most professional line of information-stealing malware I've ever seen. Very few strains of malicious code are as highly complex and as widely spread as this one.'
SecureWorks estimates that the number of PCs infected with Clampi ranges from 100,000 to over 1 million. The malware attacks the Windows operating system. 'We do not have any effective means of accurately counting the number of infected PCs.'
Clampi targets the users of 4,500 websites, harvesting personal financial information of many kinds: banking, securities brokerage, credit card, insurance, job search and e-commerce accounts.
Stewart confirmed that 4,500 is a 'really shocking' number. 'There is a lot of malicious code stealing personal financial information on the Internet, but usually it targets only about 20 or 30 websites. Clampi targets 4,500 websites.'
Hackers infect a user's PC with Clampi by getting them to open an email attachment, or by using automated multi-exploit attack toolkits that exploit flaws in the Windows operating system.
Once it has infected a PC, Clampi closely monitors the user's browsing. If the user visits one of the 4,500 websites mentioned above, Clampi immediately records the account information: username, PIN code and other personal details.
Clampi transfers all the information it steals to a server run by the hackers. They then use that information to empty the user's account, use the credit card details to buy goods, or simply keep it until it is needed.
…and dangerous
In fact, judging only by the characteristics above, Clampi looks like most 'keylogger' or spyware strains, and its truly malicious and dangerous nature is not yet apparent.
Stewart said Clampi differs from other malicious strains in its scale of operation and its encryption. The malware uses multi-layer encryption and various tricks to hide its code, making it impossible for security researchers to investigate in detail how it works.
'Even the method the Clampi developers use to pack the code is very complicated; it is very difficult to reverse engineer for research,' said Stewart. 'I can say that this is the most difficult malicious code to reverse that I have ever encountered.'
Specifically, Stewart said the Clampi developers have used a code packer that runs on a virtual machine. All the information used for packing is taken from the virtual machine's processor, so each time the code is packed, different information is used. 'We cannot use traditional reverse engineering tools to work with Clampi.'
Clampi encrypts the entire stream of data travelling back and forth between the infected PC and the hackers' server. This data stream is encrypted in several layers; specifically, the network communication is encrypted with a 448-bit key. Not only that, each of Clampi's attack modules is also encrypted by an independent method.
To avoid detection by anti-malware software, Clampi hides its active modules in carefully encrypted Windows Registry keys.
Scale of operation
Clampi's scale also sets it apart from other malware specialising in stealing financial information. 'Clampi not only targets bank websites but also sites where users provide personal information that could be used to steal their money,' Stewart said.
The 4,500 websites include military portals, online casinos, advertising, news and credit collateral sites, among others. They are hosted on servers located in more than 70 different countries.
The infrastructure supporting Clampi's operations is also very large. It cannot be confirmed with certainty, but the signs suggest that those controlling Clampi are somewhere in Russia or Eastern Europe.
'It seems that there is only one group of hackers controlling Clampi,' said Stewart. 'There are no hacker forums discussing Clampi, so there is not nearly as much information about this malicious code. The group of hackers controlling Clampi also works very secretively.'
Stewart has been monitoring Clampi since 2007. Previously this strain of malware was very quiet, and it was not until the beginning of this year that it began to boom.
Stewart said it was very difficult to find the final clue that would identify the gang of hackers controlling Clampi. One reason is simply that the server the hackers use to control Clampi is not hosted with any commercial service provider; it hides itself among the infected PCs.
'Clampi is now spreading widely across Microsoft networks, using the technology and operating system in a way similar to a computer worm. Apparently Clampi is far more dangerous than Conficker.'