Crimeware now a crimewave, security group finds

5 Sep 2006

Websites that spread crimeware are now at a record high, with incidences up 40pc, according to findings from the Anti-Phishing Working Group (APWG).

For more than a year, the APWG’s ‘Project: Crimeware’ has been monitoring the increase of malicious software purpose-built for criminal enterprise and the number of crimeware-spreading sites has continued to expand rapidly.

Crimeware code is defined as having been created to collect information about the end user in order to steal that user’s credentials. For example, phishing-based keyloggers have tracking components which try to monitor specific actions that a user may perform, such as entering a password. These programs are also on the lookout for when users visit particular websites where financial information is likely to be used, such as a bank or online shopping site.

“We have seen the most password-stealing malicious code URLs tracked to date,” said Dan Hubbard, vice-president of security for Websense, the security software company which conducted the research on behalf of the APWG. He attributed this to the fact that there is money to be made from using crimeware applications and websites.

The growth is also due to an increase in use of exploit kits being bought and sold on the internet. These kits allow non-technical criminals to infect websites with malicious exploit code with the intent of running it upon users visiting that site, Hubbard added.

Meanwhile, the APWG’s figures for June show that there were 28,571 unique phishing reports and a total of 130 brands hijacked as a result of these scams. On average, the fake phishing sites remain online for less than five days before being shut down or removed; however, the longest time online was recorded as 31 days, the APWG found.

By Gordon Smith