Discovered: January 16, 2008
Updated: July 23, 2009 11:36:14 AM
Also Known As: Win32/Ilomo.BC [Computer Associates], TROJ_ILOMO.B [Trend]
Type: Trojan
Infection Length: 402,952 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Trojan.Clampi is a Trojan horse that connects to a remote server and may download further updates or other threats onto the compromised computer.
Note:
- Symantec Security Response has observed an increased number of infections for this Trojan since July 1, 2009.
- The Trojan does not have the functionality to spread on its own, but it uses the following legitimate tool to spread within networks: PsExec
- Users of Symantec Endpoint Protection 11 or later can configure their software to prevent the execution of PsExec. The following MD5 hash should be used in conjunction with the instructions provided in the article "How to configure Application Control in Symantec Endpoint Protection 11.0": 0x9178451979c2192c71eb286de3e1b2f7
For more information, please read the following:
Protection
- Initial Rapid Release version: January 18, 2008 revision 040
- Latest Rapid Release version: February 1, 2010 revision 022
- Initial Daily Certified version: January 17, 2008 revision 033
- Latest Daily Certified version: February 1, 2010 revision 033
- Initial Weekly Certified release date: January 23, 2008
Threat Assessment
Wild
- Wild Level: High
- Number of Infections: 50 - 999
- Number of Sites: 10+
- Geographical Distribution: High
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
- Payload: May download other threats onto the compromised computer.
Distribution
Writeup By: Liam O Murchu and Kaoru Hayashi