The term crimeware, was first used by Peter Cassidy [2], and it describes a type of computer program that tries to access a person's personal information, for the benefit of the creator of the software. This type of software is much different than other types of unwanted software, (such as spyware, adware, ect) since it can actually compromise a person's identity (identity theft). Crimeware and identity theft over the internet is growing and becoming a serious, and very large threat across the globe.

The following graph is just one example of the growing threat crimeware is becoming. This graph shows the number of unique keyloggers (just one of the many types of crimeware software), that appeared over the course of a year during 2005 to 2006. [1]



There are multiple types of crimeware. The more common types that will be looked at include: Keyloggers, is a type of crimeware that records the keyboard strokes of the user. With this, the attacker tries to log a user's passwords to access financial information, or a user's credit card numbers, etc. The keystroke logs that are actually sent back to the attacker usually just contain the keystrokes that were logged when the victim had visited targeted sites, such as a financial institutions and corporate VPNs. As already seen above, unique keyloggers are on the rise. [1][3]

Email and Instant messaging redirectors are programs used to send emails or instant messages transcripts to an unintended account that the attacker has access to. These methods are usually used for attackers to seek personal or corporate information. The following is an example of such a program. [1]

Source: Websense/APWG[1]

Session hyjackers is a term used when a user who legitimately logs into his or her user account, then has their session "hyjacked". Once the user is logged in, malicious software that was on the user's system can perform tasks such as money transactions without the user's authority. [1][3]

Web trojans are programs that collect user information by tricking the user into thinking they are entering their information through a website, when in fact information is being entered locally and then transferred to the attacker. [1][3]

Distribution Methods

There are many methods that attackers can use to distribute their crimeware to their victims. Some of the more common methods include: Probably the most common method, is the use of an attachment to an email. Emails that contain such malicious programs, usually have their subject headings sound important to the user. Often, it can be sent from someone the user knows that was also affected by this piece of crimeware, which can go through a user's address book and send unauthorized emails out to everyone listed there. Once the user opens such an email, the software will automatically infect the computer. [1]

Piggy-backing is also another very common type of crimeware distribution. Many times software that appears to provide some practical function, will be downloaded by the user and installed. Regardless if this software provides the listed functionality, it may have embedded malicious code. Often this is how spyware and adware, etc. are spread. [1]

Search engine poisoning is another method of crimeware distribution. A report released by Sunbelt, reported some disturbring information about search engines, in particular Microsoft’s search engine. Using very common search words for banks and other lenders, produced search results to malicious sites. Upon entering these sites, even though these sites may appear official, they may just be silently downloading malicious software with the use of ActiveX. [4]

Counter Measures

Measures that can be put in place by the user to try and reduce the installation of crimeware on their computer, include:


[1] The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond. Us Department of Homeland Security, SRI International Theft Technology Council and the Anti-Phishing Working Group. October 2006
[2] Crimeware. Wikipedia.
[3] Crimeware.,290660,sid14_gci1095413,00.html
[4] Comiotto, Brulez. Phishing and Crimeware Map.

See Also

External Links

Developer: Anthony Petta
Date of Last Revision: April 5, 2007