An Enormous "Professional Thieving" Botnet Discovered by Researchers

A malicious infection that is currently stealing a considerable amount of financial data from consumers has infected upwards of one million PCs.

People who logged into banking, stock broker, credit card, job hunting, e-shopping and insurance account sites have reported a botnet infection.

Various sophisticated infections in the wild could be forming botnets for the purpose of distributing malicious commands to compromised systems. One of the most professional thieving malware infections was recently revealed. It is called Clampi, or the Clampi Trojan. It has infected anywhere between 100,000 and 1 million computers around the world. As of now, security researchers do not have a sure way of counting the number of systems infected.

This particular malware infection targets the user credentials of 4,500 web sites. With that wide a reach, the Clampi Trojan could potentially spread to over 1 million systems.

The Clampi Trojan dates back to 2007, when it was first tracked by Joe Stewart, director of malware research for SecureWorks' counter threat unit. Stewart has identified Clampi as being different from other key-logging or spying malware parasites. It uses multiple layers of encryption so it can go undetected for longer periods of time. On top of that, the packing Clampi uses shows a level of sophistication not seen in other botnets.

"You can't look at Clampi with a conventional tool, like a debugger. It's a real mess to follow, frankly," Stewart has said. In addition, he has noted that "They're using virtual machine-based packers that let them take code from a virtual CPU instruction set, so that the next time it's packed, it's completely different."

Clampi encrypts the traffic between the hijacked systems and the botnet's command-and-control server. This allows the infection to hide from antivirus scanners or any other detection software.

In some ways the Clampi infection is reminiscent of the Conficker worm. It could be a long-lasting botnet that spreads over time and prompts another round of media warnings to users about another dangerous computer parasite.