Crimeware

Crimeware is a class of malware designed specifically to automate cybercrime. Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer valuable, confidential information.

The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft," which was published on December 14, 2004.


Examples

Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

* Surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.
* Redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar, also known as pharming.
* Steal passwords cached on a user's system (Symantec Internet Security Report, Vol. IX, March 2006, p. 71).
* Hijack a user session at a financial institution and drain the account without the user's knowledge.
* Enable remote access into applications, allowing criminals to break into networks for malicious purposes.
* Encrypt all data on a computer and require the user to pay a ransom to decrypt it (ransomware).
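Pharming, listed above, is often carried out by adding entries to the local hosts file so that a legitimate name resolves to an address of the thief's choosing. The following added example (not part of the original article) audits hosts-file text for such entries; the watch list, domain names and sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (illustrative only, not from a real incident).
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.com examplebank.com   # appended entry
0.0.0.0         ads.tracker.example
198.51.100.7    LOGIN.ExampleBank.com.
not-an-ip       www.examplebank.com
127.0.0.1       secure.examplebank.com
"""

# Hypothetical watch list: names that should only ever be resolved through DNS.
WATCHED = {"examplebank.com"}


def _is_watched(host, watched):
    """True if host equals a watched domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, kind) for every hosts entry that
    overrides DNS for a watched domain. kind is "remote" for a routable
    address and "local" for loopback/unspecified (possible local proxy)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        kind = "local" if (ip.is_loopback or ip.is_unspecified) else "remote"
        for name in fields[1:]:                  # one line may carry several aliases
            host = name.lower().rstrip(".")      # names are case-insensitive
            if _is_watched(host, watched):
                findings.append((line_no, str(ip), host, kind))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} pinned to {ip} ({kind})")
```

On a real system the input would be the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`.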


Delivery vectors

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:

* Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.
* Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as a valid e-mail message and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users to open the attachment and execute the payload.
* Remote exploits that exploit vulnerabilities on servers and clients


Concerns

Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information (CSI/FBI Computer Crime and Security Survey 2005, p. 15). The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.


United States

US laws and regulations include:

* Sarbanes-Oxley Act
* Health Insurance Portability and Accountability Act (HIPAA)
* Gramm-Leach-Bliley Act
* Family Educational Rights and Privacy Act
* California Senate Bill 1386 (2002)
* Payment Card Industry Data Security Standard


See also

* Malware
* Metasploit Project
* MPack (software), a PHP-based crimeware
* Targeted attacks
* Tiny Banker Trojan, a small banking trojan
* Phishing
* Spyware
* Zeus (malware), perhaps the best known banking trojan


External links


* Symantec Internet Security Threat Report
* Computer Security Institute (Archived: August 8, 2002, at 22:18:34)
* "Real-Time Hackers Foil Two-Factor Security" (Technology Review, September 18, 2009)
* (Washington Post, September 14, 2009)
* (Computerworld, September 26, 2009)