The most recent piece of evidence comes courtesy of the 2009 Black Hat conference going on right now in Las Vegas. MX Logic reports from this year’s conference that a new trojan called “Clampi” is being used for highly sophisticated identity theft. The SecureWorks researcher cited claims that hundreds of thousands of PCs have already been infected.
The trojan itself is highly dangerous, targeting both online banking credentials and personal identity information. It is funny that this trojan is so prevalent, because it was identified by security vendors like Symantec back in early 2008. The problem with today’s malware is that it simply doesn’t stay static. Each trojan, virus or worm morphs into thousands of variations that avoid traditional blacklist antivirus.
The hard fact is that blacklist antivirus simply provides no protection at all. By the time you react and update your signatures, another version of the malware is on its way out the door. Identifying infection and cleaning up the mess is important, but it simply isn’t the type of protection that people need for their valuable IT assets. It is time for everyone to begin moving toward a system that can prevent infection in the first place. As we highlighted in our Rational Transition to Whitelisting series of posts, we think the answer to that problem is application whitelisting.