Talk:Clampi (trojan)

It should be noted
It should be noted, that this trojan uses is self-encrypting, packed and using a virtual machine to protect its code. Furthermore all network communication is encrypted using blowfish. — Preceding unsigned comment added by 89.144.192.162 (talk) 21:16, 17 July 2013 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 1 one external link on Clampi. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20090802114351/http://www.networkworld.com:80/news/2009/072909-clampi-trojan.html to http://www.networkworld.com/news/2009/072909-clampi-trojan.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.— InternetArchiveBot  (Report bug) 16:56, 25 November 2016 (UTC) This is a Virus that is used very frequently from "Tech Support" scammers. They will show you this in hopes that you will trust that they are trying to help you when actually they only want to log into your personal account information to attempt to scam money. — Preceding unsigned comment added by 47.40.254.110 (talk) 12:46, 13 February 2020 (UTC)

Semi-protected edit request on 3 December 2016
please change data to information Tony876543 (talk) 22:42, 3 December 2016 (UTC)
 * ✅ Thanks again, Dawnseeker2000  23:44, 3 December 2016 (UTC)

Semi-protected edit request on 3 December 2016
Clampi is a man-in-the-browser trojan that can transmit financial and personal data from an infected computer to a third party please change infected to compromised Tony876543 (talk) 22:46, 3 December 2016 (UTC)
 * ✅ Thanks, Dawnseeker2000  23:43, 3 December 2016 (UTC)

Semi-protected edit request on 25 July 2018
Add a warning to people that scammers pretending to do Microsoft Support often point to this page as a scare tactic and that they should stop communicating with them immediately. 173.177.41.82 (talk) 02:30, 25 July 2018 (UTC)
 * Red information icon with gradient background.svg Not done for now: WP:NOTMANUAL, describing in prose might be better  JTP (talk • contribs) 05:03, 25 July 2018 (UTC)
 * While not "standard" I don't see anything within WP:NOTMANUAL that disallows placing a temporary notice on top of the page. Sure, initially I planned to note what I've seen within the page text itself but that would easily be sidestepped by the scammers. What they're doing is opening the Wikipedia page on the victims machine and quickly highlighting the first few lines. They then close it and move on with the scam. By placing a warning block on the top of the page the user will see it prior to what the scammer highlights and hopefully defeats the scammer. I'm not sure why you decided to remove the block without even discussing it (WP:AGF). ≡  JE  ▪  Talk  06:14, 25 July 2018 (UTC)
 * I don't understand why you threw AGF at me. I did assume good faith, but we as an encyclopedia are not meant to help our readers with their problems, we are meant to inform them. Instead of saying "Hey, you're being scammed," a more encyclopedic way of doing so would be adding it in prose.  JTP (talk • contribs) 19:02, 25 July 2018 (UTC)
 * The concern here is that scammers are using Wikipedia, a service that is considered reputable, as a method to confirm their malicious attempts to extort money from those who aren't technically capable. This article is at best a stub that has been in a way hijacked for their use. We place all kinds of templates on articles that describe issues with it and I see no difference here. I'll see if there is a way I can tactfully add mention to the recent use in a way that can't be ignored by the scammers but I can't find references beyond screen captures of scammers doing this. Lastly, my reference to AGF is due to how you reverted the edit and resolved a request with "Not done for now" that was already "resolved" by placing a warning. If you disagreed with my method I would have appreciated a note about it; not telling the other editor it won't be done and quietly reverting. Wish you well. ≡  JE  ▪  Talk  19:44, 25 July 2018 (UTC)
 * Additionally, I used the template Template:Warning as described, " It should be used sparingly and only for important warnings about an article or a user that cannot be shown using a more specific template. Please only use it when something is seriously wrong and other people might not otherwise know about it. Less important comments should be put as regular text on the page's talk page instead." I felt and continue to feel that an article targeted for use by a bad actor to confirm their activities looks poorly on Wikipedia especially when an editor tries to help curb the malicious use only to have that effort subverted. Truly nothing personal with you; I get you're following what you feel is appropriate. But I disagree the warning isn't appropriate. ≡  JE  ▪  Talk  19:53, 25 July 2018 (UTC)
 * I don't feel like getting into a never-ending debate, do what you feel is best, I don't care.  JTP (talk • contribs) 20:49, 25 July 2018 (UTC)
 * Agreed; I've simplified the notice, re-added it and will remove it in a week. Again, wish you well! ≡  JE  ▪  Talk  21:16, 25 July 2018 (UTC)

Warning
is the warning banner really appropriate? No disclaimers in articles and it's not really our problem how others link to or re-use our articles. – Finnusertop (talk ⋅ contribs) 09:12, 10 September 2018 (UTC)
 * I wouldn't consider it a disclaimer. I would consider it more a warning that the article is being hijacked for scamming operations. I noted above that there was precedence (along with a template.) At one point it was being used heavily by scammers. I'm sure now they've moved on and the warning could be removed. Again, this article is closer to a stub than anything with substance. Scammers were using the fact that it was Wikipedia and quickly highlighting the first line (remotely) as a form of conformation. Wikipedia is a place for information obviously.. and in this case the information needed to be boldly described. ▪ JE ▪ (Talk) 03:08, 20 September 2018 (UTC)
 * (User talk:JE) If you don't like it then improve it! They use it because it's a stub and says scary stuff.  It WAS an important first in banking trojans, however it's hasn't been activacted for over a decade so I tried to change it to reflect that more.  I can't find confirmation the the russian hacker group abandoned it, only info that that the code was never shared or sold online and was only used by one syndicate.  I'm fine with changing it to "it WAS a banking trojan", in fact I'll be wp:bold and do it right now. Technophant (talk) 09:04, 2 June 2020 (UTC)


 * DONE. Looks a bit better.  Please keep in mind the Kaspersky article was likely updated around 2010 at the latest and this is virus will only be found on archive disks. Technophant (talk) 09:25, 2 June 2020 (UTC)

Semi-protected edit request on 4 February 2020

 * Reminder to any helper to read the discution before positionning oneself or making any comments ***** — Preceding unsigned comment added by 132.203.171.109 (talk) 23:12, 6 February 2020 (UTC)

Add this line as information regarding one of the current modern use of this virus at the end of the (only) paragraph : The virus is also often used as an excuse by scammers to pressure individuals into sending them money for the removal of a fake virus while it is posing as a cleaning software.
 * Red information icon with gradient background.svg Not done: That would be source misrepresentation. Dawnseeker2000  22:10, 4 February 2020 (UTC)

I do not believe so seeing as this is a quote from the article explaining the very thing I'm trying to get added : "Another variation of Clampi is used to steal money using scareware as a scam. In this case, Clampi poses as a virus cleaning service and warns you that your system is infected." — Preceding unsigned comment added by 132.203.171.109 (talk) 22:13, 4 February 2020 (UTC)
 * The article does mention that Clampi poses as a virus cleaning service (this is in Kaspersky's interest), but does not mention that tech support scammer aspect. What is with all the explosive vandalistic editing on this article today anyway? What's your interest in it? Dawnseeker2000 22:31, 4 February 2020 (UTC)

If the tech support scammer is what disturbs you, simply replacing it with scammers in general could arrange both sides ? As Kapersky calls it a scam we can understand that it is executed by scammers. And for the vandalism, I believe a known personality made light on this issue, resulting in people with good intention, but also people with less ones. And for my interest in it, simply adding relevant information ? I don't really understand what else it could be ? — Preceding unsigned comment added by 132.203.171.109 (talk) 22:36, 4 February 2020 (UTC)
 * I'm sorry. Your timing and intentions are debatable. If this were just about any other day I might consider helping you. Dawnseeker2000  23:02, 4 February 2020 (UTC)

I'm sorry, I don't understand how relevant info that has been verified, is useful, can't be added cause it was a bad day ? Anyway, can someone else come and verify if Dawnseeker2000 refuses to take action, being it refusing the demand or accepting it. — Preceding unsigned comment added by 132.203.171.109 (talk) 23:08, 4 February 2020 (UTC)


 * Much as I would like to include something like this the Kaspersky link doesn't support it and I'm hitting a brink wall in trying to find reliable sources for it.©Geni (talk) 12:57, 5 February 2020 (UTC)

Once again, this quote is taken from the Kasperky article itself, supporting exactly the information that has been requested to be added : "Another variation of Clampi is used to steal money using scareware as a scam. In this case, Clampi poses as a virus cleaning service and warns you that your system is infected." How is that not supporting the info that is requested to be added ? I do understand Dawnseeker2000's point and agreed that it should be scammers and not tech support scammers in the info, to reflect the source correctly, thus being : The virus is also often used as an excuse by scammers to pressure individuals into sending them money for the removal of a fake virus while it is posing as a cleaning software.


 * Because thats unrelated to the phone scams. Thats an attack used when the malware has infected the computer.©Geni (talk) 16:22, 5 February 2020 (UTC)

Hum, who talked about phone scams, the sentence is that scammers use it as an excuse to pressure individuals, don't you think that when a scareware is installed on a target system, there is a pressure applied to the individual to once again quoting kaspersky "encourages you to purchase and download software to fix your computer. If you follow through, you send a payment and receive malware." ? So in other words, an excuse (the cleaning service) pressuring individuals into sending them money (as explained by kaspersky) into receiving more malware, it is a scam (as described by kaspersky) meaning by grammar relation that it is done by scammers. So once again what part of the sentence that I'm asking to be added is false, talking about any kinds of phone scams or posing Any other problem regarding the source material ?


 * This page was featured on a Twitch stream by scambaiter Kitboga (episode 686). A tech support scammer ran dir /s on the command line, and typed "clampi foound" (sic). The scammer then Googled clampi and showed this page, trying to scare the caller into believing their computer had this virus. It's clearly used as part of a script by tech support scammers. — Preceding unsigned comment added by 79.67.60.147 (talk) 19:44, 5 February 2020 (UTC)


 * This is a different matter and should be treated as such, my request is not toward what Kitboga discovered, as sadly there is no reliable source or academic paper treating the subject as you described it. But for the clampi virus as a scareware, there is Kasperky that supports the info I've given.
 * Red information icon with gradient background.svg Not done: please provide reliable sources that support the change you want to be made. The claims made are not supported by the source cited (and recited). Request fails the verification policy. Eggishorn (talk) (contrib) 22:08, 6 February 2020 (UTC)

The claims made are verifiable, cited. The request does meet the requirements for verification policy with the Kaspersky article, even Dawnseeker2000 agreed that the tweaked version was true, but due to "unknown intentions" wouldn't publish it. Geni couldn't identify the part of the info that was false or misleading regardless of multiples request to identify it. And Eggishorn did not, once again identify what part was false or misleading, regardless to the fact that the citation, taken from a reliable source, has the same meaning as the info requested to be added. It feels sad to be gate-keeped, or at least not specified other then "No you are wrong" why you are wrong.
 * The source says nothing about it being used by tech-support scammers, if you'd bothered to read it. It says that it itself is the vehicle for the scam as scareware. —A little blue Bori  v^_^v  Onward to 2020 23:01, 6 February 2020 (UTC)

If you'd have taken the time to read the discution you'd have seen that the info was changed to general scammers as I agreed with that change about 2-3 days ago... Please read the whole discution before saying something where an agreement was already reached by I think everybody multiple days ago. — Preceding unsigned comment added by 132.203.171.109 (talk) 23:04, 6 February 2020 (UTC)

And we can say scammers, because grammatically, the people piloting the endeavor are people executing a scam, hence scammers...
 * ❌ Anonymous editor, do not change the "answered" parameter just because you don't like the answer you've been given. The policy on edit requests states that these are used for uncontroversial requests and that all requests must be accompanied by verifiable reliable sources.  So far, four separate editors have looked at this and decided it does not meet the requirements for inclusion.  That makes it, by definition, controversial.  You are free to open a separate discussion here but re-opening this request is not an acceptable action unless you bring forward a new source that supports your requested edit. Please see this explanation for more information. Eggishorn (talk) (contrib) 18:04, 7 February 2020 (UTC)

The Kaspersky article and reliable sources
Is it or is it not an appropriate reference? If it is, can we *start* adding information from it?Naraht (talk) 15:03, 12 February 2020 (UTC)
 * You may get a more robust response at WP:RSN.-- Jezebel's Ponyo bons mots 16:48, 12 February 2020 (UTC)
 * @Naraht,@User:Ponyo: Kasperky is a reliable source for virus info. Nothing on RN was asked but there's nothing opposing it either. Technophant (talk) 14:28, 20 May 2020 (UTC)
 * Microsoft refers to it as symantec trojan:clampi, and while most of symantecs pages have been moved to broadcom and there's blog posts on it there, I found a white paper on the trojan still hosted on official domain, Inside the Jaws of Trojan.Clampi, which seems to be written in 2009. Technophant (talk) 15:07, 20 May 2020 (UTC)
 * My involvement with this article was as an administrator only. It appears that the issues that led me to protect the article in February have again flared up. These issues including making unsourced claims, copyright violations, making claims only partially supported by the accompanying sources and WP:UNDUE. Any editor or IP is free to edit the article or make an edit request here if they can address the sourcing issues.-- Jezebel's Ponyo bons mots 16:59, 20 May 2020 (UTC)
 * User:Ponyo I've looked for a source to say that this trojan is being referred to by scammers but there isn't one that I found. Everything written about this is from 2009, maybe into 2012 at the latest. I could find 6 different youtube videos from 6 different scam baiters that mention this, and that's a type of evidence.  I don't know if "can't beat them, join them" or it's just obvious is in any Wikipedia essays or guidelines. Technophant (talk) 23:26, 20 May 2020 (UTC)

Youtuber Kitboga asks fans to edit
A YouTube Scambaiter named Kitboga recently (May 19, 2020 repost) referred to this page by tech support scammer and asked that it should be updated to warn about scammers. It was live on twitch so a listener did. Edits continue, mostly constructive and in good faith but seem like edit warring. See at time 14:50 Technophant (talk) 12:53, 20 May 2020 (UTC)

I've been working to update this, and while this was one of the major banking trojans, it seems to have been controlled by one group that did not release the source code. There's no clear descendant of this. The peak infection was in 2009 and everything written about it save removal guides is from that year. I would like to change things to past tense, ie it was a banking trojan, but with the no apparent arrests and no way of knowing who controls the code it could come back somehow. Technophant (talk) 02:22, 21 May 2020 (UTC)

Semi-protected edit request on 21 May 2020
Often, this virus name is used by scammers to deceive people. 83.251.91.217 (talk) 10:01, 21 May 2020 (UTC)
 * Red question icon with gradient background.svg Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Dawnseeker2000  12:54, 21 May 2020 (UTC)

Semi-protected edit request on 21 May 2020
While Clampi is very real unfortunately this term is often used by tech support scammers to convince unsuspecting individuals and pressuring them into paying money for the removal of fake virus. Warren Walker — Preceding unsigned comment added by WarrenWalker (talk • contribs) 8:16, 21 May 2020 (UTC)

ENOUGH ALREADY!! with the templates @Kitboga (streamer)
I've researched every singe source available on the web and have done a major revision of the article. Any edit trying to put a warning template has been done in good faith and I've attempting to put the article in to proper time frame (circa 2009) as well as including a reference to modern appropriated. The wp:lead says ATM "Clampi IS a strain of computer malware that affecteD Microsoft Windows personal computers." Please strongly consider keeping this. It's the best way of phrasing a complicated situation in everyday english. I'm a technical person who has taken technical writing classes and has no problem writing this s**t up for computer people, however I'm also a self-employed computer technician and I prefer to work instructing the elderly. I'm also an avid YouTuber/watcher musician and a fan of Kitboga (streamer) I'm not insensitive to how important it is that this article reflects the best and most accurate information available.

Previous Wikipedians have assumed that if the wiki is changed the scammers will change their script. India has 850M+ citizens and an estimated 1M telephone support specialists. They take profitable scripts and steal/share them and are remarkably stupid about changing things that are profitable. I'm personally surpised the Tree command still works, however it looks just like the output from an antivirus so basically what's profitable is proliferated. Technophant (talk) 11:45, 2 June 2020 (UTC)

Requested move 2 June 2020

 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion. 

The result of the move request was: page moved. Technophant (talk) 22:41, 2 June 2020 (UTC)

Clampi → Clampi (trojan) – An obsolete computer virus common in 2009, now found on the web as a Vietnamese word? and an Italian surname and also referring to musicians. Suggest rename from common proper noun in namespace. Technophant (talk) 13:57, 2 June 2020 (UTC)

More research shows that Clampi is varient the italian name Ciampi, as in the ex-president of Italy Carlo Azeglio Ciampi. The immigrations officials in Ellis Island often just wrote down what they heard and it's easy to see how that change could happen. Even reading this without my glasses I can barely tell the two apart. Technophant (talk) 22:29, 2 June 2020 (UTC)

I self-closed this a few hours after opening. There's too much going in with Covid and George Floyd to worry editors about vintage computing trivia. Technophant (talk) 22:40, 2 June 2020 (UTC)