Online banking virus hits SA

**Mie1** · 22nd September 2009, 12:49 PM

Since we still have a financial umbilical cord to SA, it may affect us too

Johannesburg - Computer security company Symantec said infections of a virus known as Clampi have been detected in South Africa. The virus targets internet banking users and captures usernames and passwords for banking websites.

According to Symantec, the virus was originally detected early in 2008, but infections have increased substantially since July 2009. British news site Times Online reported on Monday that the virus was spreading rapidly throughout the USA and Britain.

Said Times Online: "Once on the computer, the virus sits unnoticed until the user logs on to bank, credit card or other financial websites. It then captures log-in and password information and sends it to a server run by the attackers. They can then tell the compromised computer to send money to accounts that they control, or they can buy goods with the stolen credit card details."

While the virus has been detected in South Africa, Symantec said it is not yet as prominent here as it is in America or Britain.

According to Orla Cox, security operations manager at Symantec in Dublin, "Clampi isn't regionally specific, therefore there is no reason why users in South Africa wouldn't be affected.

"However, our own infection numbers show low levels of infection in South Africa - less than 1% of global infections," she added.

The Symantec virus profile for Clampi said the virus only effects users of Windows computers.

It is recommended that users ensure their computers are up to date and have antivirus software loaded with the latest virus profiles in order to prevent infections from Clampi.

Fin24.com

**Geek** · 22nd September 2009, 07:55 PM

Thanks, Mie1. Clampi is nasty stuff. Make double sure your AV is up-to-date and reputable.

Clampi Is Latest Malware Threat To Target Online Users

22 September, 2009, by Desire Athow

Internet users who use websites of banks and other financial institutions have been warned about a new virus known as Clampi which scrapes logins and passwords and sends it back to its masters.

The malware otherwise known as Ligats or Ilomo is prevalent in the US and UK and operates by monitoring in the background any websites that might need a login and a password for access.

According to the Times Online, security researchers have found out that Clampi creators are monitoring more than 4500 finance related websites including "banks, credit card companies, online casinos, e-mail, wire transfer services, retail sites, utilities, share brokerages, mortgage lenders and government sites."

Orla Cox, security operations manager with Symantec, told the newspaper that “Clampi is a complex threat. People are only just beginning to understand how it operates.”

More worrying is that it appears to be particularly good at hiding itself and unlike its predecessors, uses more traditional methods, like blogs and news websites to spread around, making it more difficult to stop.

Our Comments
This time around, the bad guys were ahead of the good ones. It just goes on to show that security companies can't rest on their laurels. It is worrying as well that Clampi was only discovered when it was too late.

New computer virus puts online banking passwords at risk
(Dailymail)

Clampi virus spreading across UK and US PCs
(PCAdvisor)

New Trojan virus poses online banking threat
(TimesOnline)

New Trojan virus lurking online
(Wect)

Clampi Virus Spreading; New 'Stealthiest' Trojan Steaks Bank Info
(Postchronicle)

**Geek** · 22nd September 2009, 08:20 PM

I use Malwarebyte's Anti Malware to secure one of my laptops and it is without doubt one of the best applications out there. Best of all, it's got a free version. Well worth checking out.

Malwarebytes.org