Crimeware

Crimeware is a class of

cybercrime.^[1]

Crimeware (as distinct from

social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief.^{[citation needed]} Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security

as many malicious code threats seek to pilfer valuable, confidential information.

The cybercrime landscape has shifted from individuals developing their own tools to a market where crimeware, tools and services for illegal online activities, can be easily acquired in online marketplaces. These crimeware markets are expected to expand, especially targeting mobile devices.[2]

The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft".^[3]

Examples

Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

Surreptitiously install
sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.^[4]

Redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar, also known as pharming.^[5]
Steal
passwords cached on a user's system.^[6]

Hijack a user session at a financial institution and drain the account without the user's knowledge.

Enable remote access into applications, allowing criminals to break into networks for malicious purposes.

decrypt it (ransomware
).

Delivery vectors

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:

Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.^[6]
SMTP. These social-engineered threats often arrive disguised as a valid e-mail message and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users to open the attachment and execute the payload.^[7]

Remote exploits that exploit vulnerabilities on servers and clients^[8]

Concerns

Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.^[9] The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.

United States

US laws and regulations include:

Sarbanes-Oxley Act
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act
Family Educational Rights and Privacy Act
California Senate Bill 1386 (2002)
Payment Card Industry Data Security Standard

References

ISBN 0-321-50195-0
.

^ Gad, Mamoud (2014). "Crimeware Marketplaces and Their Facilitating Technologies". Technology innovation management review. 4 (11): 28–33.

^ "Putting an End to Account-Hijacking Identity Theft". Federal Deposit Insurance Corporation. 5 January 2004. Retrieved 18 December 2023.

^ "Cyberthieves Silently Copy Your Password", The New York Times

^ Swinhoe, Dan (2020-04-23). "Pharming explained: How attackers use fake websites to steal data". CSO Online. Retrieved 2020-12-05.

^ ^a ^b Symantec Internet Security Report, Vol. IX, March 2006, p. 71

^ "Protecting Corporate Assets from E-mail Crimeware" Archived January 21, 2012, at the Wayback Machine Avinti, Inc., p.1,

doi:10.1016/j.ijcip.2013.01.002
.

^ CSI/FBI Computer Crime and Security Survey 2005, p.15

External links

Symantec Internet Security Threat Report Archived 2006-11-15 at the Wayback Machine

Computer Security Institute (Archived: August 8, 2002, at 22:18:34)

"Real-Time Hackers Foil Two-Factor Security" (Technology Review, September 18, 2009)

"Cyber Crooks Target Public & Private Schools", (Washington Post, September 14, 2009)

"Crimeware gets worse - How to avoid being robbed by your PC", (Computerworld, September 26, 2009)

v
t
e
Information security
Related security categories

Computer security

Automotive security

Cybercrime
Cybersex trafficking

Computer fraud

Cybergeddon

Cyberterrorism

Cyberwarfare

Electromagnetic warfare

Information warfare

Internet security

Mobile security

Network security

Copy protection

Digital rights management

vectorial version
Threats

Adware

Advanced persistent threat

Arbitrary code execution

Backdoors

Hardware backdoors

Code injection

Crimeware

Cross-site scripting

Cross-site leaks

DOM clobbering

History sniffing

Cryptojacking

Botnets

Data breach

Drive-by download

Browser Helper Objects

Viruses

Data scraping

Denial-of-service attack

Eavesdropping

Email fraud

Email spoofing

Exploits

Hacktivism

Insecure direct object reference

Keystroke loggers

Logic bombs

Time bombs

Fork bombs

Zip bombs

Fraudulent dialers

Malware

Payload

Phishing
Voice

Polymorphic engine

Privilege escalation

Ransomware

Rootkits

Scareware

Shellcode

Spamming

Social engineering

Spyware

Software bugs

Trojan horses

Hardware Trojans

Remote access trojans

Vulnerability

Web shells

Wiper

Worms

SQL injection

Rogue security software

Zombie

Defenses

Application security
Secure coding

Secure by default

Secure by design
Misuse case

Computer access control
Authentication
Multi-factor authentication

Authorization

Computer security software
Antivirus software

Security-focused operating system

Data-centric security

Obfuscation (software)

Data masking

Encryption

Firewall

Intrusion detection system
Host-based intrusion detection system (HIDS)

Anomaly detection

Security information and event management (SIEM)

Mobile secure gateway

Runtime application self-protection

Site isolation

v
t
e
Malware topics
Infectious malware

Comparison of computer viruses

Computer virus

Computer worm

List of computer worms

Timeline of computer viruses and worms

Concealment

Backdoor

Clickjacking

Man-in-the-browser

Man-in-the-middle

Rootkit

Trojan horse

Zombie computer

Malware for profit

Adware

Botnet

Crimeware

Fleeceware

Form grabbing

Fraudulent dialer

Malbot

Keystroke logging

Privacy-invasive software

Ransomware

Rogue security software

Scareware

Spyware

Web threats

By operating system

Android malware

Classic Mac OS viruses

iOS malware

Linux malware

MacOS malware

Macro virus

Mobile malware

Palm OS viruses

HyperCard viruses

Protection

Anti-keylogger

Antivirus software

Browser security

Data loss prevention software

Defensive computing

Firewall

Internet security

Intrusion detection system

Mobile security

Network security

Countermeasures

Computer and network surveillance

Honeypot

Operation: Bot Roast

Retrieved from "https://en.wikipedia.org/w/index.php?title=Crimeware&oldid=1190573740"

[CU_1-1] ISBN 0-321-50195-0
.

[2] Gad, Mamoud (2014). "Crimeware Marketplaces and Their Facilitating Technologies". Technology innovation management review. 4 (11): 28–33.

[PAE_1-3] "Putting an End to Account-Hijacking Identity Theft". Federal Deposit Insurance Corporation. 5 January 2004. Retrieved 18 December 2023.

[4] "Cyberthieves Silently Copy Your Password", The New York Times

[5] Swinhoe, Dan (2020-04-23). "Pharming explained: How attackers use fake websites to steal data". CSO Online. Retrieved 2020-12-05.

[Symantec-6] Symantec Internet Security Report, Vol. IX, March 2006, p. 71

[7] "Protecting Corporate Assets from E-mail Crimeware" Archived January 21, 2012, at the Wayback Machine Avinti, Inc., p.1,

[8] :10.1016/j.ijcip.2013.01.002
.

[9] CSI/FBI Computer Crime and Security Survey 2005, p.15

[1]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

Examples

Delivery vectors

Concerns

United States

See also

References

External links