Trojan Clampi Utilizes Shellcode for Circumventing Firewalls

According to researchers at security company Symantec, the Clampi Trojan uses unusual methods to bypass firewalls on compromised computers, such as the Windows Firewall.

Using unique techniques, the Trojan, experts say, is better equipped to beat common firewalls, and it makes detection and assessment harder for security practitioners as well as vendors.

The researchers said that Clampi generally tries to establish contact with a gateway server, such as "Gate", from which it receives commands and to which it sends information. However, firewalls in general would not let the malware establish any link with the world outside the computer. Meanwhile, all variants of Clampi are designed to go beyond certain conventional methods, such as creating new registry entries on a Windows system. Instead, they inject code straight into the Internet Explorer web browser.

While this method may be enough to launch an attack with most Trojans, Clampi's malicious activities involve many other stealthy techniques, the researchers argue.

Instead of leaving its active payload inside the browser, where it could be detected, Clampi is programmed to perform its activities only when necessary. To that end, the attackers have implemented an Application Programming Interface (API) proxy, and they inject and run code fragments inside Internet Explorer. When Clampi needs to transmit data to Gate, it resorts to the API proxy.

According to the researchers, immediately after Clampi executes, the Trojan starts an instance of Internet Explorer. While the Trojan's window is concealed, its key strain is shelved, and Clampi is triggered with a command line resembling shellcode, which notably comprises a tiny decryption key and a subsequent American Standard Code for Information Interchange (ASCII) sequence.

In their closing note, the researchers said that while Trojans of other kinds might adopt similar tactics to penetrate firewalls and endpoint tools and try to conceal themselves, hardly any carry them out as effectively as Clampi or use techniques as sophisticated as Clampi's.
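The launch pattern described above (a concealed Internet Explorer instance started with a command line carrying a short key and an ASCII sequence) suggests a process-creation check for defenders. The Python sketch below is an added example, not code from Symantec or SPAMfighter; the event field names, thresholds, parent allow-list and sample events are assumptions constructed for illustration, since the article does not give the actual command-line format.

```python
import math
import re
from collections import Counter

# Assumed thresholds for this sketch; tune against your own telemetry.
MIN_BLOB_LEN = 40
MIN_ENTROPY = 3.5
EXPECTED_PARENTS = {"explorer.exe", "iexplore.exe"}


def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def looks_like_blob(arg):
    """Long printable-ASCII token that is neither a URL nor a drive path."""
    if len(arg) < MIN_BLOB_LEN or "://" in arg or arg[1:3] == ":\\":
        return False
    return arg.isascii() and arg.isprintable() and entropy(arg) >= MIN_ENTROPY


def score_event(event):
    """Return the reasons an iexplore.exe launch looks suspicious (empty if none)."""
    tokens = re.findall(r'"[^"]*"|\S+', event["command_line"])
    if basename(event["image"]) != "iexplore.exe":
        return []
    reasons = []
    if basename(event["parent_image"]) not in EXPECTED_PARENTS:
        reasons.append("unexpected parent")
    if any(looks_like_blob(t.strip('"')) for t in tokens[1:]):
        reasons.append("opaque ASCII argument")
    return reasons


# Constructed sample events (hypothetical schema, not real telemetry).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
BLOB = "k9" + "".join(chr(65 + (i * 7) % 26) for i in range(60))
EVENTS = [
    {"image": IE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{IE}" http://example.com/?q=' + "a" * 60},
    {"image": IE, "parent_image": r"C:\Users\demo\AppData\example_dropper.exe",
     "command_line": f'"{IE}" {BLOB}'},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(basename(ev["parent_image"]), score_event(ev))
```

A command-line heuristic like this cannot see whether the window is hidden, so it is best paired with telemetry that records window state or cross-process code injection.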

» SPAMfighter News - 06-11-2009
