Crimeware
Definition
Crimeware is an overall term that describes software used for financial theft. Crimeware can spread via almost any threat vector—including viruses/Trojans/worms, spyware/adware, and others—and comprises bots, botnets, and ransomware.
Bots are the threats most commonly associated with crimeware. A bot—short for robot—generally consists of “multi-stage” malware components. For example, a botnet (i.e., a network of bots, which have been identified as a leading cause of phishing—a serious form of spam) may first be “seeded” via a Trojan that takes advantage of any one of the number of vulnerabilities discussed in these pages (such as spam). Once seeded and compromised, the PC may be victimized by any number of other malware code segments at the whim of the cyber criminal. Organized crime is increasingly resorting to the use of botnets for malicious purposes. Criminal botmasters can control bots from a central location, waking them on command to perform an extensive range of malicious activities, including spam distribution, phishing, denial of service (DoS) attacks, and extortion.
Ransomware is software that, when executed, encrypts word-processing, spreadsheet, and other documents for the purposes of extortion. In other words, documents are held ransom until victims purchase a decryption key—either by sending payment via a third-party processor such as PayPal, or through “buying” an item online (the receipt for which includes the key). Ransomware is most commonly distributed via email or instant messenger (IM).
How to protect your network, servers, PCs, and mobile devices from crimeware
- Implement a comprehensive Internet security package that includes antivirus, anti-spam, anti-phishing, and intrusion detection and prevention (IDS/IPS) protection at all possible entry points—including the Internet gateway, messaging gateway, endpoint clients, endpoint servers, and the network. For more information on Trend Micro’s enterprise solutions to counter crimeware, see the following: Anti-Spam, Anti-Phishing, and Anti-Spyware and Adware.
- Keep all browser, email, and IM security patches up to date.
- Follow all additional guidelines to protect against spam, phishing, spyware and adware.
- Educate employees about the latest threats, symptoms of infection, and how to protect servers, PCs, and mobile devices:
  - Adhere to corporate policies regarding the download and installation of approved software.
  - Read all end-user license agreements (EULAs) carefully to be sure you are not agreeing to install unwanted components that may introduce spyware and adware.
  - Limit Web browsing to business-related activities only. Free gaming, music download, and pornography sites are notorious distributors of spyware and adware.
  - Do not disable enterprise antivirus, anti-spyware, or firewall protections.
  - Seek IT support if you notice:
    - General system slowdown.
    - Receipt of unsolicited email, IM, or other electronic communications—especially those with attachments.
    - Unusual presence of pop-up ads on your desktop, or within your browser.
    - Notification that your computer is sending spam.
What may happen if you don't adequately protect your technology assets from crimeware
- Intellectual property theft—with potentially devastating financial results.
- Compromised (sometimes irrevocably) market position.
- Damaged corporate credit and reputation.
- Exposure of personnel to identity theft.
- Domain blacklisting due to inadvertent spamming (via botnet).
- Denial-of-service attacks, resulting in lost profits and customer and partner confidence.
- Loss of employee productivity due to locked or damaged documents.
- Corporate extortion.
- Exposure of the corporate network to other malware threats.
- Network and system slowdowns.
- Diversion of IT staff from strategic initiatives due to disinfection and repair of affected systems.

