Clampi Virus | Clampi Trojan

Monday, September 21st, 2009

The clampi virus is in the news in a couple of places today. Surprisingly, it has been in Symantec’s virus database since January and is rated as a low risk. However, the sole purpose of this trojan is to monitor your Windows-based computer for connections to more than 4500 different financial-related sites and log any usernames and [...]

Would you like spyware with that? Apple too….

Tuesday, October 17th, 2006

These stories come up from time to time. A free giveaway of some sort and it turns out that there’s spyware or a virus embedded, company gives a big “whoops” and fixes things by replacing them…. McDonalds had a promotion going where up to 10,000 people could win a flash based mp3 player they also [...]

Update on the Internet Explorer VML vulnerability

Friday, September 22nd, 2006

Just catching up on the day’s VML vulnerability news from today…. It looks as though… the exploit is now MUCH more widespread. This blog has some video of an infection; what’s notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that they can harvest paypal/bank/etc. passwords…) [...]

Cleaning up after WMF Exploit – summary

Thursday, December 29th, 2005

Can I say enough times that after a bad trojan infestation you should format and reinstall? I’ve cleaned up the infested image that I “sacrificed” to the WMF exploit and, as I’ve said, your pestware install will likely be somewhat different. An exploit is just the road, the spyware and viruses are the cars. Once [...]

How festive – the dasher worm…

Thursday, December 15th, 2005

The securityfix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called dasher and is in at least its second iteration. SANS noticed an odd increase in port 1025 scans on the tenth of the month, which was early activity of this worm. It looks like the first version [...]

Illegal to disable some spyware?

Tuesday, November 8th, 2005

OK – for starters, the keylogger that sunbelt talks about here is a legitimate piece of software for sale. Like anything though it could have illegit uses. Apparently retrocoder is upset that Sunbelt’s software detects spymon and gives the option of disabling it. Spymon is a commercial keylogger. They’ve claimed that it’s against their EULA [...]

Another Dumaru variant

Wednesday, August 24th, 2005

Sunbelt has found another keylogger in the dumaru family and has updated their free tool to scan for it and clean it up. This is the same family of trojans/keyloggers that contributed to the large ID theft discovery they made earlier in the month.

Another entry in the sunbelt discovery of a keylogger

Monday, August 15th, 2005

Sunbeltblog has another entry in the continuing story. Really, there is not much new here, but iDefense has analyzed the code of the trojan that was discovered and has stated that it is not related to CoolWebSearch. (Which is what sunbeltblog has been saying for some time.) They initially said it was discovered during a [...]

Sunbeltblog has more info on the identity theft keylogger and will offer removal tool

Thursday, August 11th, 2005

There are another two fascinating posts in the saga of the massive identity theft that was reported in the Sunbelt blog. For starters they detail the beast here. It sounds truly devious, MAY still be related to coolwebsearch after all. It turns off Windows firewall and runs through Internet Explorer (thereby bypassing any other software firewall.) [...]

Identity theft protection and update on Massive Identity theft story

Monday, August 8th, 2005

Sunbeltblog has another update related to their earlier story about the massive identity theft ring. In this story they make clear that the keylogger was NOT directly related to coolwebsearch. It was apparently separate and independent; it was discovered during a coolwebsearch infestation, but appears unrelated.

