'Crimeware' Nearly Doubles in December - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

07:32 PM
Connect Directly

'Crimeware' Nearly Doubles in December

A recently revealed image-rendering vulnerability related to Windows Meta Files made it easier for phishers to spread software designed for a criminal enterprise, such as identity theft.

The number of sites distributing "crimeware" -- or software engineered for criminal activity like identity theft -- nearly doubled in December, rising from 4,630 in November to 7,197 the following month, according to a report issued today by the Anti-Phishing Working Group (APWG).

APWG Chairman David Jevans said in a statement, "The speed, precision and massive scale by which the phishers were able to identify and exploit this vulnerability for criminal enterprise highlights the fact that the eCrime industry has reached a level of efficiency that has the potential to threaten the larger online economy."

Crimeware refers to a subset of malicious software, or malware, that has been specifically engineered for criminal activity like information theft and identity fraud. It can be thought of as an automated form of phishing, which relies on social engineering to dupe users into revealing sensitive information. Key logging software that secretly records online banking passwords and sends them to a cyber criminal represents an example of crimeware. The goal of phishing attacks is often to plant crimeware so that compromised systems become ongoing sources of valuable data.

According to the APWG, a recently revealed image-rendering vulnerability related to Windows Meta Files made it easier for phishers to spread their crimeware. Microsoft published a security bulletin (MS06-001) on this "critical" vulnerability on January 5th, 2006, and recommended that customers apply an update immediately.

During the month of December, more brand-spoofing subterfuges were recorded than any other month on record. The vast majority of those attacks, 89.3%, targeted the financial industry, most of which involved just seven major brands.

Malware overall continues to rise, despite a number of high-profile cyber crime arrests last year. As Eugene Kaspersky, head of virus research for Kaspersky Lab, Inc., observed in a Monday interview with InformationWeek, the number of samples of malicious code tracked his company doubled in the past year.

"The message is that the environment is getting more and more aggressive, because the hackers, they have a big money by writing malicious code," Kaspersky says. "And there are more and more hackers coming."

However, apocalyptic assessments from those in the security industry should be viewed with some skepticism. A study released in December by identity risk management firm ID Analytics, Inc., found that among consumers whose personal data was compromised in large data breaches, only 0.098 percent--less than one in 1,000 identities--were actually defrauded.

The reason, the firm speculates, is that identity theft takes too much work. It doesn't scale, which is to say it can't be done quickly. Assuming that it takes five minutes to fill out a credit application using stolen information, ID Analytics notes it would take an identity thief working full time -- 6.5 hours a day, five days a week, 50 weeks a year -- over 50 years to rob everyone in a stolen file of one million consumer identities. If the work were outsourced, for $10 an hour, it would cost about $830,000 -- a lot of money for even an accomplished criminal to risk.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll