
Trojan Clampi Utilizes Shellcode for Circumventing Firewalls

According to researchers at security company Symantec, the Clampi Trojan uses unusual techniques to bypass the firewalls of compromised computers, including the Windows Firewall.

With these unique techniques, the experts say, the Trojan becomes more dangerous: it defeats common firewalls and makes detection and analysis harder for security practitioners and vendors alike.

The researchers explained that Clampi generally tries to contact a gateway server, known as "Gate", from which it receives commands and to which it sends information. Firewalls, however, would normally not let the malware establish any link with the world outside the computer. All variants of Clampi are therefore built to avoid certain conventional techniques, such as creating new registry entries on a Windows system; instead they inject code directly into the Internet Explorer web browser.

While that method alone might be enough for most Trojans, Clampi's malicious activity involves several other stealthy techniques, the researchers argue.

Rather than leaving its active payload inside the browser, where it could be detected, Clampi is programmed to act only when necessary. To that end, the attackers implemented an Application Programming Interface (API) proxy that injects code fragments into Internet Explorer and runs them there. Whenever Clampi needs to transmit data to Gate, it goes through this API proxy.

According to the researchers, immediately after Clampi executes, the Trojan launches an instance of Internet Explorer. The browser window is concealed and its main code is held back, and Clampi is started with a shellcode that resembles a command line, notably consisting of a small decryption key followed by an ASCII (American Standard Code for Information Interchange) sequence.
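As an added illustration of how a defender could hunt for the launch pattern described above (a hidden Internet Explorer instance started by malware with an opaque command-line argument), the following script is not from the article or from Symantec; it runs a heuristic over constructed process-creation records. The Sysmon-like field names, the sample events, and the length and entropy thresholds are all assumptions.

```python
import math
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed process-creation records in a Sysmon-like shape (field names assumed; not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://example.com/'},
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome C:\Users\user\report.html'},
    # Browser launched by an unknown binary with a short key plus a long opaque ASCII argument
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" k9Qz x7Fj3kLp0QmZ8vT2bN6cR1yW4uE5sH7dA9gJ0iK3lM'},
]

def shannon_entropy(s):
    """Bits per character; random-looking ASCII scores well above URLs and file paths."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def suspicious_blob(token, min_len=24, min_entropy=4.0):
    """True for a long, high-entropy argument that is not a switch, a URL or a file path."""
    token = token.strip('"')
    if token.startswith(("-", "/")) or re.match(r"^[A-Za-z]:\\", token):
        return False
    if urlparse(token).scheme in ("http", "https", "file"):
        return False
    return len(token) >= min_len and shannon_entropy(token) >= min_entropy

def flag_iexplore_launches(events):
    """Return (event, reasons) for iexplore.exe launches that do not look user-initiated."""
    hits = []
    for ev in events:
        if not ev["Image"].lower().endswith("\\iexplore.exe"):
            continue
        args = re.findall(r'"[^"]*"|\S+', ev["CommandLine"])[1:]  # drop the image path itself
        reasons = []
        if not ev["ParentImage"].lower().endswith("\\explorer.exe"):
            reasons.append("parent is not the user's shell: " + ev["ParentImage"])
        blobs = [a for a in args if suspicious_blob(a)]
        if blobs:
            reasons.append("opaque command-line argument(s): " + ", ".join(blobs))
        if reasons:
            hits.append((ev, reasons))
    return hits

if __name__ == "__main__":
    for ev, reasons in flag_iexplore_launches(SAMPLE_EVENTS):
        print(ev["CommandLine"], "->", "; ".join(reasons))
```

The parent-process check on its own is noisy (legitimate software also opens the browser), so the two signals are reported together rather than as separate alerts.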

In closing, the researchers said that while Trojans of other kinds may adopt some similar tactics to get past firewalls and endpoint tools and try to conceal themselves, hardly any carry them out as effectively, or use techniques as sophisticated, as Clampi does.

Related article: Trojans to Target VoIP in 2006

SPAMfighter News - 11/6/2009

