1         Executive Summary

We at TrustDefender Labs have been analysing various transactional Trojans for quite a while, and lately Zeus has been at the top of the class with a massive feature-set and a massive distribution network. Why create a new Trojan if the existing ones are still highly effective?

Thanks to an effective PR strategy, most probably everybody has heard about URLZone by now.

It’s been a while since we last looked at and analysed a Silentbanker Trojan in October 2008 and we have written about it on our blog at http://www.trustdefender.com/blog for some time.

It’s been a while since we last looked at and analysed a Silentbanker Trojan in October 2008 and we have written about it on our blog for some time.

It’s been a while since we last looked at and analysed a Silentbanker Trojan in October 2008 and we have written about it on our blog for some time.

This year’s annual Virus Bulletin 2009 is being held in Geneva, Switzerland. The presentations are very interesting with topics covering Waledac, Koobface, botnets, and other malware families ThreatFire is most effectively protecting users against every day.

Introduction

This is an in-depth analysis of a Trojan called Clampi or otherwise known as Ilomo or Clomp. Clampi got quite a bit of press coverage lately. As always, most press reports are not really technically correct and we look at Clampi here from a technical point of view.

We often get into situations where people thing that the “bad guys” are script kiddies that do this for fun. Every malware analyst will tell you that the innovation on the wrong side of the fence is astonishing…

Anyway, lets have a look at one of the latest examples of such innovation: Bankpatch.C.

Bankpatch is a fairly “old” trojan which first appeared beginning of 2007. However Bankpatch.C which was first released in September 2008 through to February 2009 has some major enhancements.

In this blog, we normally analyze nasty Trojans or other nasty stuff that is – in almost all cases – so new that very few Antivirus Engines can pick it up and protect the user (see e.g. the post about the yaludle/Silentbanker Trojan).

However, today the story is about a typical internet user, about Joe the Plumber, about the Hockey-Mum, about an old Trojan and about the reality out there in the world wide web.

After a few reports in the press around a new Malware that specifically targets Firefox users, we thought we have a more detailed look at this piece of malware.