Crimeware
Crimeware is a class of malware designed specifically to automate cybercrime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group, to distinguish it from other kinds of malevolent programs.
Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.
Examples
Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:
- Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.
- A crimeware program can also redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar.
- Crimeware threats can steal passwords cached on a user's system.
- Crimeware can wait for the user to log into their account at a financial institution, then drain the account without the user's knowledge.
- Crimeware can enable remote access into applications, allowing criminals to break into networks for malicious purposes.
Delivery vectors
Crimeware threats can be installed on victims' computers through a number of delivery vectors, including:
- Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.
- Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as valid e-mail messages and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users into opening the attachment and executing the payload.
- Peer-to-peer file sharing networks can exploit open ports to install crimeware programs.
- Remote exploits that exploit vulnerabilities on servers and clients.
Concerns
Crimeware can have a significant economic impact due to loss of sensitive and proprietary information, not to mention the associated financial losses. One survey estimates that organizations, in 2005, lost in excess of $30 million due to the theft of proprietary information. Additionally, for businesses, the theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal, and confidential information is not altered or stolen by criminals. These laws and regulations include:
- Sarbanes-Oxley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act
- Family Educational Rights and Privacy Act
- California Senate Bill 1386
- Payment Card Industry Data Security Standard
See also
- Malware
- Metasploit Project
- Targeted attacks
- Phishing
- Spyware
- Web fraud detection
External links
- Symantec Internet Security Threat Report
- Computer Security Institute (http://www.gocsi.com)
- Real-Time Hackers Foil Two-Factor Security (Technology Review September 18, 2009)
- Cyber Crooks Target Public & Private Schools (Washington Post September 14, 2009)
- Crimeware gets worse - How to avoid being robbed by your PC (Computerworld September 26, 2009)