The definition of crimeware relates to a distinct class of malware that is designed to add automation to cyber criminal activity. Originally the term “crimeware” was created by the Security General of the Anti-Phishing Working Group, Peter Cassidy, in order to distinguish it from other types of malicious software programs.
Crimeware is differentiated from standard malware, adware and spyware insofar as its primary function is to perpetrate identity theft. This is accomplished by accessing a PC user’s online financial accounts with retailers and financial institutions. At that point, the person(s) controlling the crimeware can make unauthorized transactions. Crimeware is a fast-growing threat to online network security that has made its way to the general public for sale.
The type of risks that are posed by crimeware Trojan kits is ever-changing. The primary reason for this has to do with the fact that cyber criminal activity is a huge business and the criminals need to make sure that the software threats actually work. The two most well-known and effective crimeware packages are ZeuS and URLZone. ZeuS has been available since 2007 and what makes ZeuS particularly dangerous is the fact that as of May, 2021, the source code of Zeus has been published as public domain. This means that the number of hackers that can improve upon the software’s effectiveness has dramatically increased.
Some of the newer capabilities of the ZeuS network are strengthening the software’s ability to create unauthorized transactions and steal financial credentials. One of the latest versions of the ZeuS crimeware kit offers a $10,000 module that will allow a hacker to take complete control of an infected PC.
In the case of the ZeuS Trojan crimeware package, the program is Windows-based and uses only about 50K bytes on the compromised computer, which is also Windows-based. The operator of the crimeware may be located on another continent and can use a complex command system to transfer funds from banking systems through a victim’s computer.
A researcher for SecureWorks (A U.S.-based managed security services provider) Kevin Stevens, states that the original ZeuS Builder copyright protection mechanism is similar to WinLicense. This means that a number of hardware details of the buyer’s computer are noted before the software is allowed to be unlocked. This prevents the unauthorized distribution of ZeuS since the unlocking key is configured with the hardware profile of the original buyer’s computer. The older versions of ZeuS are free, but the newest version is pricy. Those who purchase the crimeware will usually pay for it with untraceable Web Money or Western Union funds.
The basic software can run from $3-$4,000 with an additional $1,500 for a module that will create a connection back to the infected PC. This means that any financial institution that attempts to trace the attack will only be directed to the controlled PC and not the original cyber criminal. An additional charge is made for those who wish to hack into the latest version of Windows operating systems. There are other modules for sale that are designed for specific types of attacks.
Some of the more advanced features that are likely to be available will include an on-the-fly screen pop up in Firefox that asks for more sensitive banking information during a transaction. This would be accomplished by the software pretending to be the bank and stating that more information is needed. The ZeuS crimeware is even making use of polymorphic encryption. This means that that the software is re-encrypting itself to appear unique to virus scanners each time it runs. This makes it much more difficult to detect.
It has been noted that there are really only two completely methods to prevent the hijacking of an online financial transaction:
There may be other effective methods available – but there is no way to know just how long they will be effective. This is especially true now that the ZeuS source code is in the public domain.