True Peace of Mind
There's only one way.
Given the growing threat to business banking online, it's becoming more and more obvious (and more and more talked about) that the only feasible way to work safely online - to achieve 'true peace of mind' - is to never use Windows for anything nontrivial.
To never let a Windows machine connect with any other machine used for crucial sensitive purposes.
Brian Krebs looked closer at the Clampi trojan that infected Slack Auto Parts and hid out of sight for a year before attacking. So did Joe Stewart of SecureWorks CTU.
Clampi is a real bastard. It's built like a Matryoshka doll, says Krebs. It's got layers and layers of code with pretty sophisticated stuff at each layer, even going so far as to use 2048-bit algorithms for transmissions.
The traffic sent by Clampi to the command-and-control server is encrypted by 448-bit blowfish encryption, using a randomly-generated session key which is sent to the control server using 2048-bit RSA encryption.
How do you protect against it? You don't really. You switch platforms. At last.
Given the prevalence and seriousness of the Clampi Trojan, it is recommended that businesses that carry out online banking/financial transactions adopt a strategy to isolate workstations where these activities are carried out from possible Clampi or other data-stealing Trojan infections.
Brian Krebs agrees - and offers further advice.
Stewart said the sophistication and stealth of this malware strain has become so bad that it's time for Windows users to start thinking of doing their banking and other sensitive transactions on a dedicated system that is not used for everyday Web surfing.
This isn't such a radical idea if you own a Mac or just have a spare computer lying around. If you want true peace of mind while conducting sensitive transactions online, grab a copy of a bootable live Linux installation like Knoppix or Ubuntu Live, burn it to a CD-ROM, boot the spare system up into that operating system, and do your online banking from there.
Joe Stewart adds the following for home users.
SecureWorks CTU recommends that home computer users use a computer dedicated only to doing their online banking and bill pay. They should not use that computer to surf the web and send and receive email, since web exploits and malicious email are two of the key malware infection vectors.
Will Joe Lusers on Windows finally get a clue? Perhaps. But judging from the comments around the web, things could still be tight: people are still wondering if there's perhaps some way to make Windows secure enough so one doesn't need that extra computer, emergency CD, or a complete platform switch. And Windows Se7en is coming in less than three months and that's really exciting, isn't it?
No it's not - but that's what the black hats are hoping Joe Lusers will believe.
SecureWorks: Clampi/Ligats/Ilomo Trojan
Security Fix: Clampi Trojan: The Rise of Matryoshka Malware
The Technological: The 'Growing' Threat to Business Banking Online