First reported on September 11 by Brian Krebs of the Washington Post (a great column I've listed on my blogroll - read it regularly and you might just shut down your PC) the Clampi virus is spreading worldwide.
This virus is a trojan that sits on users' Windows PC and logs passwords and user IDs when one of roughly 4,500 banks or financial institutions is accessed. The passwords are then sent to one of a number of servers and an army of "mules" is then used to access these accounts and make multiple transfers out of the country. The focus of the virus is on business and not-for-profit organizations that do not have the same legal protections as consumers for this type of fraud. Quite a number of businesses and school districts have been victimized by Clampi.
The standard protection from this type of virus is to keep your anti-virus software current, avoid opening email attachments, avoid suspicious web sites, be careful using chat software like Yahoo messenger or Skype, etc. In other words: be diligent, be inconvenienced, and be scared.
An even better idea would be to authenticate email, authenticate the counter party on chat sites, require banks to authenticate your PC when your account is accessed, and of course authenticate web sites. All of this would be horribly expensive without DNSSEC. But with DNSSEC it could happen almost automatically. And automatically is what users want and should expect.
Litigation from victims of these scams is picking up. That is probably what is needed to get effective authentication deployed.
Comments