Crimeware

Last updated December 19, 2023

Crimeware is a class of malware designed specifically to automate cybercrime.^[1]

Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief.^{[ citation needed ]} Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer valuable, confidential information.

The cybercrime landscape has shifted from individuals developing their own tools to a market where crimeware, tools and services for illegal online activities, can be easily acquired in online marketplaces. These crimeware markets are expected to expand, especially targeting mobile devices.^[2]

The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft".^[3]

Examples

Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

Surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.^[4]
Redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar, also known as pharming.^[5]
Steal passwords cached on a user's system.^[6]
Hijack a user session at a financial institution and drain the account without the user's knowledge.
Enable remote access into applications, allowing criminals to break into networks for malicious purposes.
Encrypt all data on a computer and require the user to pay a ransom to decrypt it (ransomware).

Delivery vectors

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:

Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.^[6]
Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as a valid e-mail message and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users to open the attachment and execute the payload.^[7]
Remote exploits that exploit vulnerabilities on servers and clients^[8]

Concerns

Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.^[9] The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.

United States

US laws and regulations include:

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the computer. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.

Targeted threats are a class of malware destined for one specific organization or industry. A type of crimeware, these threats are of particular concern because they are designed to capture sensitive information. Targeted attacks may include threats delivered via SMTP e-mail, port attacks, zero day attack vulnerability exploits or phishing messages. Government organisations are the most targeted sector. Financial industries are the second most targeted sector, most likely because cybercriminals desire to profit from the confidential, sensitive information the financial industry IT infrastructure houses. Similarly, online brokerage accounts have also been targeted by such attacks.

Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.

Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

The Russian Business Network is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software;, but a 2011 report concluded that additional measures on top of antivirus software were needed.

A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

The following outline is provided as an overview of and topical guide to computer security:

DarkHotel is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. It is characterized by Kaspersky Lab as an advanced persistent threat.

Lazarus Group is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and Zinc. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

References

↑ Jakobsson, M; Ramzan, Z. (6 April 2008). Crimeware: Understanding New Attacks and Defenses. Addison-Wesley Professional. ISBN 0-321-50195-0.
↑ Gad, Mamoud (2014). "Crimeware Marketplaces and Their Facilitating Technologies". Technology innovation management review. 4 (11): 28–33.
↑ "Putting an End to Account-Hijacking Identity Theft". Federal Deposit Insurance Corporation. 5 January 2004. Retrieved 18 December 2023.
↑ "Cyberthieves Silently Copy Your Password", The New York Times
↑ Swinhoe, Dan (2020-04-23). "Pharming explained: How attackers use fake websites to steal data". CSO Online. Retrieved 2020-12-05.
1 2 Symantec Internet Security Report, Vol. IX, March 2006, p. 71
↑ "Protecting Corporate Assets from E-mail Crimeware" Archived January 21, 2012, at the Wayback Machine Avinti, Inc., p.1,
↑ Sood, Aditya (2013). "Crimeware-as-a-service—A survey of commoditized crimeware in the underground market". International Journal of Critical Infrastructure Protection. 6 (1): 28–38. doi:10.1016/j.ijcip.2013.01.002.
↑ CSI/FBI Computer Crime and Security Survey 2005, p.15

External links

Symantec Internet Security Threat Report Archived 2006-11-15 at the Wayback Machine
Computer Security Institute (Archived: August 8, 2002, at 22:18:34)
"Real-Time Hackers Foil Two-Factor Security" (Technology Review, September 18, 2009)
"Cyber Crooks Target Public & Private Schools", (Washington Post, September 14, 2009)
"Crimeware gets worse - How to avoid being robbed by your PC", (Computerworld, September 26, 2009)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[CU_1-1] Jakobsson, M; Ramzan, Z. (6 April 2008). Crimeware: Understanding New Attacks and Defenses. Addison-Wesley Professional. ISBN 0-321-50195-0.

[2] Gad, Mamoud (2014). "Crimeware Marketplaces and Their Facilitating Technologies". Technology innovation management review. 4 (11): 28–33.

[PAE_1-3] "Putting an End to Account-Hijacking Identity Theft". Federal Deposit Insurance Corporation. 5 January 2004. Retrieved 18 December 2023.

[4] "Cyberthieves Silently Copy Your Password", The New York Times

[5] Swinhoe, Dan (2020-04-23). "Pharming explained: How attackers use fake websites to steal data". CSO Online. Retrieved 2020-12-05.

[Symantec-6] 1 2 Symantec Internet Security Report, Vol. IX, March 2006, p. 71

[7] "Protecting Corporate Assets from E-mail Crimeware" Archived January 21, 2012, at the Wayback Machine Avinti, Inc., p.1,

[8] Sood, Aditya (2013). "Crimeware-as-a-service—A survey of commoditized crimeware in the underground market". International Journal of Critical Infrastructure Protection. 6 (1): 28–38. doi:10.1016/j.ijcip.2013.01.002.

[9] CSI/FBI Computer Crime and Security Survey 2005, p.15

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking malware Botnets Data breach Drive-by download Browser helper objects Viruses Data scraping Denial of service Eavesdropping Email fraud Email spoofing Exploits Hacktivism Keyloggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Polymorphic engine Privilege escalation Ransomware Rootkits Bootkits Scareware Shellcode Spamming Social engineering Screen scraping Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Code obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Malbot Keystroke logging Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Operation: Bot Roast