Clamping Down on Clampi

These are the days.

Get It Try It

In coming years people will look back on this nascent era in the birth of the Internet and not be able to understand what was going on. Poets, philosophers, sociologists, and psychoanalysts will join the throng of security-conscious computer users in attempting to explain how things could get this bad. This is not a computer issue - this is a computer user issue.

Brian Krebs writes an extraordinary column for the Washington Post. Security Fix posts are increasingly becoming a wealth of information that will be used by the US Federal Trade Commission and counterpart organs in other countries to legally bind Internet service providers into a total ban on Microsoft Windows and other Microsoft software products.

'Finding the notorious Clampi banking trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall', writes Krebs in his latest screed. Attackers recently used Clampi to bust the Sand Springs Oklahoma School District for over $150,000. School officials later found a great number of their computers were corrupted by the trojan.

'It was all over the whole office complex', said superintendent Lloyd Snow. Snow went on to claim he'd need about three times the current staff to deal with such issues.

To be or not to be: that is the question - whether 'tis nobler in the mind to suffer the slings and arrows of outrageous fortune or to take arms against a sea of troubles and by opposing end them.
 - Bill Shakespeare

Clampi also struck the offices of a dermatologist in Michigan who asked Krebs to not publish his name or that of his company because he didn't want his patients to be alerted to the possibility their health data had been compromised.

The dermatologist discovered that $40,000 had been stolen and that Clampi was on four computers in his office network.

Krebs ends up by relaying advice from SecureWorks and for once does not mention the obvious solution for the mess. And what's interesting - what's going to perplex the concerned minds of the future - isn't so much the story of Clampi as it's the puzzling way people react. There's namely enough here for dozens of dissertations.

Get ready. These come directly from the Security Fix comments thread.

Unfortunately, like most schools, we need about three times the number of people in our IT department than we have now.

No you don't, Lloyd Snow. You need only one somewhat intelligent person to make good decisions.

It does look as if we home users are going to have to dedicate a special computer to banking and other activities of that type. What a pity that this is necessary !...

No. You need - theoretically - to dedicate a special computer to isolated unconnected use for Microsoft Windows. All else should be non-Windows.

Well, instead of dedicated home computer, how about using a virtual machine to do the banking?

Yes. And that virtual machine means connecting with non-Windows. Why are you keeping Windows?

How about not using Windows for anything potentially dangerous?

Too radical. Not use Windows? Are you kidding? What happens to Notepad and Minesweeper? Be realistic.

The FBI/FTC need some 'secret shoppers' to intercept the 'work at home' offers that are a basic necessity for schemes like this.

The FBI/FTC don't need anything. If the FBI can prohibit Windows and if other countries can follow suit then the FBI can sit around all day eating doughnuts.

Would using a Windows XP or Vista limited user account and Firefox prevent a Clampi infection?

Oh definitely. Hahahaha. Go for it! LOL

I know that it may be wise to have a second machine dedicated to financial uses, but really, how many people can afford, let alone have space for a second computer.

True. And Ubuntu is prohibitively expensive.

This link describes in detail how to set up a Unix based OS (Ubuntu) on your existing Windows computer.

Suggestion ignored.

Another possibility is to use removable drives.

Hysterical. The Internet helps those who help themselves. The Internet will in this regard be going on an extended holiday cruise.

Ultimately though I have this feeling that the entirety of the Internet is doomed by these sorts of things.

There's nothing wrong with the Internet - only the Windows lusers lusing it.

Eventually people will throw up their hands and turn off the computer to do something like reading a book or playing cards.

Or just getting off Windows like everyone else.

Fleeing Windows is futile. There is no platform but Windows. We own the market. Yes you will pay thousands for additional software that promises to protect you but won't and can't. You will suffer the slings and arrows of outrageous fortune so just suck it up.
 - Bill Gates

See Also
Security Fix: Clamping Down on the Clampi Trojan