The Anti-Phishing Working Group has issued a joint report with the Department of Homeland Security and SRI International on the role of crimeware in enabling new forms of financial crime on the public Internet.
The report is titled “The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond”, and can be downloaded here (pdf file).
The report details the innovative and penetrating mechanisms that phishers are employing to spread crimeware, including:
– Attachments sent via email or instant message, or in apparently discarded hardware devices such as USB keys;
– Piggybacking schemes in which crimeware is embedded into another piece of software such as an apparent shareware application;
– Internet Worms that exploit vulnerabilities within networks and PCs to propagate themselves and install back doors and other crimeware applications;
– Web Browser Exploits in which browser vulnerabilities are leveraged to infect PCs directly, either through the pages being viewed from a compromised server or by remotely injecting crimeware code into the PC via scripting exploits;
– Distribution via Hacking in which crimeware is installed manually by hackers who have discovered or exploited vulnerabilities that give them access and control of a PC;
– And Distribution via Affiliate Marketing in which marketing programs provide incentives to 1) install malware on visitors’ PCs, some of which can later be exploited to plant crimeware, or 2) directly install crimeware on visitors’ PCs.
APWG data from the 12 months between May 2005 and May 2006 tells the story of runaway proliferation of crimeware. In that time frame, the number of unique applications for password stealing that were detected in a single month grew from 79 to 215, almost tripling in detected frequency. The number of URLs employed by criminals to spread crimeware, however, expanded at around twice the rate of crimeware code development, rising from 495 detected URLs in May 2005 to 2100 in May 2006 after peaking at 2683 in April 2006.