{{Short description|Class of malware designed specifically to automate cybercrime}} {{Computer hacking}}
'''Crimeware''' is a class of malware designed specifically to automate cybercrime.<ref name=CU_1>{{cite book| title=Crimeware: Understanding New Attacks and Defenses| author1=Jakobsson, M| author2=Ramzan, Z.| publisher=Addison-Wesley Professional| date=6 April 2008| isbn=0-321-50195-0}}</ref>
Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief.{{citation needed| date=December 2023}} Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer valuable, confidential information.
The cybercrime landscape has shifted from individuals developing their own tools to a market where crimeware, tools and services for illegal online activities, can be easily acquired in online marketplaces. These crimeware markets are expected to expand, especially targeting mobile devices.<ref>{{Cite journal |last=Gad |first=Mamoud |date=2014 |title=Crimeware Marketplaces and Their Facilitating Technologies |journal=Technology Innovation Management Review |volume=4 |issue=11 |pages=28–33}}</ref>
The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft".<ref name=PAE_1>{{cite web| title=Putting an End to Account-Hijacking Identity Theft| url=https://archive.fdic.gov/view/fdic/6701| publisher=Federal Deposit Insurance Corporation| date=5 January 2004| access-date=18 December 2023}}</ref>
== Examples ==
Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:
* Surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.<ref>"[https://www.nytimes.com/2006/02/27/technology/27hack.html?ex=1163998800&en=5599d5982c64f082&ei=5070 Cyberthieves Silently Copy Your Password]", ''The New York Times''</ref>
* Redirect a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar, also known as pharming.<ref>{{Cite web|last=Swinhoe|first=Dan|date=2020-04-23|title=Pharming explained: How attackers use fake websites to steal data|url=https://www.csoonline.com/article/3537828/pharming-explained-how-attackers-use-fake-websites-to-steal-data.html|access-date=2020-12-05|website=CSO Online|language=en}}</ref>
* Steal passwords cached on a user's system.<ref name="Symantec">''Symantec Internet Security Report'', Vol. '''IX''', March 2006, p. 71</ref>
* Hijack a user session at a financial institution and drain the account without the user's knowledge.
* Enable remote access into applications, allowing criminals to break into networks for malicious purposes.
* Encrypt all data on a computer and require the user to pay a ransom to decrypt it (ransomware).
== Delivery vectors ==
Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:
* Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an ''Internet Explorer'' vulnerability to steal passwords and monitor user input on webmail and online commerce sites.<ref name="Symantec"/>
* Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as a valid e-mail message and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users into opening the attachment and executing the payload.<ref>"[http://www.avinti.com/download/market_background/whitepaper_email_crimeware_protection.pdf Protecting Corporate Assets from E-mail Crimeware]" {{webarchive|url=https://web.archive.org/web/20120121024839/http://www.avinti.com/download/market_background/whitepaper_email_crimeware_protection.pdf |date=January 21, 2012}} Avinti, Inc., p. 1</ref>
* Remote exploits that exploit vulnerabilities on servers and clients.<ref>{{Cite journal|last=Sood|first=Aditya|date=2013|title=Crimeware-as-a-service—A survey of commoditized crimeware in the underground market|journal=International Journal of Critical Infrastructure Protection|volume=6|issue=1|pages=28–38|doi=10.1016/j.ijcip.2013.01.002}}</ref>
== Concerns ==
Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.<ref>CSI/FBI ''Computer Crime and Security Survey 2005'', p. 15</ref> The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.
=== United States ===
US laws and regulations include:
* Sarbanes-Oxley Act
* Health Insurance Portability and Accountability Act (HIPAA)
* Gramm-Leach-Bliley Act
* Family Educational Rights and Privacy Act
* California Senate Bill 1386 (2002)
* Payment Card Industry Data Security Standard
== See also ==
* Malware
* Metasploit Project
* MPack (software), a PHP-based crimeware
* Targeted attacks
* Tiny Banker Trojan, a small banking trojan
* Phishing
* Spyware
* Zeus (malware), perhaps the best known banking trojan
== References ==
{{reflist}}
== External links ==
* [http://www.symantec.com/enterprise/threatreport/index.jsp Symantec Internet Security Threat Report] {{Webarchive|url=https://web.archive.org/web/20061115125942/http://www.symantec.com/enterprise/threatreport/index.jsp |date=2006-11-15 }}
* [http://webarchive.loc.gov/all/20020808221834/http://www.gocsi.com/ Computer Security Institute] (Archived: August 8, 2002, at 22:18:34)
* [http://www.technologyreview.com/computing/23488/ "Real-Time Hackers Foil Two-Factor Security"] (''Technology Review'', September 18, 2009)
* [https://web.archive.org/web/20110515190932/http://voices.washingtonpost.com/securityfix/2009/09/cyber_mob_targets_public_priva.html "Cyber Crooks Target Public & Private Schools"] (''Washington Post'', September 14, 2009)
* [https://www.computerworld.com/article/2467748/cybercrime-hacking/crimeware-gets-worse---how-to-avoid-being-robbed-by-your-pc.html "Crimeware gets worse - How to avoid being robbed by your PC"] (''Computerworld'', September 26, 2009)
{{Information security}} {{Malware}}
Category:Types of malware Category:Cybercrime