Clampi virus targets companies' financial accounts

Cybersecurity experts are racing to tame a fast-spreading computer virus that takes deadly aim at financial accounts that are universally used by businesses.

The virus, called Clampi, "is pretty scary," says Tim Wilson, editor of DarkReading, a technology security news site. "It's worth worrying about."

At least 500,000 computers have been infected by Clampi since March, and it's spreading "by leaps and bounds," researcher Joe Stewart told cybercrime experts meeting this week at the Black Hat security conference in Las Vegas.

Anti-virus programs can detect and block Clampi, but the attackers are adept at tweaking it so it gets through, Stewart says.

Clampi is one of a few dozen "banking Trojans" that target online financial transactions.

But unlike some that prey on consumers' online banking accounts, the criminals behind Clampi "are going after bigger fish" — primarily companies — says Mikko Hyppönen, senior analyst at anti-virus firm F-Secure.

Windows PCs can pick up the Clampi infection when a user clicks on a tainted Web page, including ones on innocuous-looking legitimate sites that have been hacked.

An infected PC then waits to see if the user logs into personal accounts at any of 4,600 Web pages for a wide array of businesses and government agencies — and their banks.

It then sets a trap to obtain the user name and password of network administrators who have clearance to access all of an organization's Windows PCs. It logs on as the administrator, then spreads companywide.

Attackers are then able to wire cash transfers to "mule" accounts they control using banks' automated clearinghouse (ACH) systems.

Because Clampi and other banking Trojans are so ubiquitous, businesses should make online financial transactions only on PCs dedicated to those tasks — and that aren't used for e-mail, accessing social networks or browsing the Internet — Stewart says.

Slack Auto Parts, a chain of 10 stores in Gainesville, Ga., learned that lesson the hard way.

It lost $75,000 July 3-7, says owner Henry Slack. Clampi-infected computers sent nine payments to six different mules — and failed to transfer an additional $69,000 in eight other attempts.

"I don't want this to happen to anyone else," says Slack. "Unlike personal banking, your bank will probably not automatically make you whole when you are defrauded."