TD Labs report: Torpig – back to the future or how the most sophisticated trojan in 2008 reinvents itself

In this TrustDefender Labs report we look at a new strain of the notorious Torpig Trojan that gained massive publicity in 2008 when it was distributed together with the Mebroot / MBR virus. In this report we look at a new variant that will do an impressive amount of things completely without administrator privileges.
URLZone – a disaster waiting to happen
Silentbanker reloaded
It’s been a while since we last looked at and analysed a Silentbanker Trojan in October 2008 and we have written about it on our blog at http://www.trustdefender.com/blog for some time.
Why is Clampi / Ilomo so effective? An analysis with detection/removal info
Introduction
This is an in-depth analysis of a Trojan called Clampi, otherwise known as Ilomo or Clomp. Clampi has had quite a bit of press coverage lately. As always, most press reports are not really technically correct, and we look at Clampi here from a technical point of view.
In-depth analysis of Mebroot/Torpig trojan available
As we received a number of requests for an in-depth analysis of the new Mebroot variant mentioned in the previous article, we finally have this report available.
If you are interested, please drop us an email to labs@trustdefender.com.
In-depth analysis of Mebroot / Torpig trojan available

As we received a number of requests for an in-depth analysis of the new Mebroot variant mentioned in the previous article, we finally have this report available for you to read.
Torpig Botnet Academics
A handful of academic researchers recently completed another thorough and fascinating report about Torpig: "Taking over the Torpig Botnet". Torpig is an especially evil little piece of Crimeware. Over the past couple of years, ThreatFire has been preventing fairly high numbers of Torpig/Sinowal/Anserin infections all over the world, keeping this bank account and credit card number snorting nastiness penned up.
Analysis of stolen data through Torpig (deployed through Mebroot/MBR/Sinowal)
We have posted some technical analysis of the Mebroot/MBR/Sinowal trojan lately, and while we at TrustDefender Labs focus quite heavily on the analysis of the trojans and infection vectors themselves on the client side, researchers at the University of California looked at the data they received on the server side. This complements our research quite nicely as it provides hard facts on how successful those attacks are and how much data the bad guys actually receive.