Crimeware-As-A-Service Will Emerge In 2009

Many ISP's are selling your Web surfing habits to the highest bidder. That's a fact, but it's not a crime. Now take that concept to the next level. Envision vast databases full of credit card information, valid FTP site account data, and valid network credentials available for purchase by cybercriminals. A new and nefarious industry is born.

Randy George, Director, IT Operations, Boston Red Sox

December 9, 2008

3 Min Read
InformationWeek logo in a gray background | InformationWeek

Many ISP's are selling your Web surfing habits to the highest bidder. That's a fact, but it's not a crime. Now take that concept to the next level. Envision vast databases full of credit card information, valid FTP site account data, and valid network credentials available for purchase by cybercriminals. A new and nefarious industry is born.Allow me to profile a truly helpless cybercrime victim. No, I'm not talking about the Generation-Y computer user who frequents social networking sites and runs Kazaa, LimeWire, Grokster, and eDonkey simultaneously. I'm talking about a user who is careful about which sites he or she browses, and what attachments he or she opens. Common sense dictates that if you compute in "safe neighborhoods" then you are safe from the payloads that malware and Trojans typically carry for their victims. If that is still your take on the state of security on the Internet today, you might as well turn off your computer and start skipping down the yellow brick road with Dorothy and Toto.

Once thought of as harmless, the active content packed into PDF files and Flash banner ads is quickly becoming the portal of choice for hackers who are committed to harvesting as much of your personal data as possible. Few people give a second thought to opening PDF attachments. Unfortunately, few people understand that PDF files aren't static documents anymore. It's easier than ever to purchase crimeware toolkits for the purpose of turning a harmless PDF file into a full-blown virus using the active coding and scripting capabilities of Adobe PDF Reader.

Additionally, malware infection is getting increasingly out of control thanks to new techniques being used by hackers. There have been seemingly countless victims of the omnipresent Antivirus XP 2009 malware package over the last couple months. If you have personally fallen victim, the very mention of Antivirus XP 2009 might fill you with rage. Constant popups, no uninstallation program, persistent paging to disk for no reason, countless banner ads stating that you're infected and you must license Antivirus XP 2009 now. It's enough to drive you mad. But just as important as how you clean up the mess left by malware, IT needs to understand how it got there in the first place.

Like most malware, your users will tell you that they didn't open any attachments. You check their antivirus and its up to date, and their local firewall is on and running normally. The culprit? Remember that seemingly harmless Flash-based banner ad that jumped across your screen as you browsed from legitimate Web site to legitimate Web site? Well, it wasn't so harmless. Increasingly, cybercrime syndicates are compromising the Flash-based ads being served out by ad networks in order to stage their attacks. The robustness of the Flash ActionScript programming language, coupled with the wide distribution base and cross-platform compatibility of the Flash player, all make for a perfect storm of capabilities that can and are being used against you.

Finjan just released a cybercrime trends report for 4Q of 2008 detailing some of the methods the more-advanced cybercriminals are using to extract your most sensitive data from your PC. While Finjan just so happens to offer a security appliance that provides a solution for the real-time active inspection of dynamic content, the report itself is a must-read for IT admins. In the enterprise, it's no longer enough to simply install a firewall and virus protection software and go to sleep. And simply patching your servers and workstations isn't enough, either. Beyond Windows updates, it's now necessary to update and patch any application which might be used to run active content, including the formerly harmless Adobe Acrobat Reader. It's more important than ever to study the enemy and their techniques if we are to stand a chance, and this report does a great job at exposing some of the tools and techniques being used in the ever emerging crimeware industry.

Follow this link to read the report in its entirety.

About the Author

Randy George

Director, IT Operations, Boston Red Sox

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a senior-level systems analyst and network engineer in the professional sports industry. Randy holds various professional certifications from Microsoft, Cisco and Check Point, a BS in computer engineering from Wentworth Institute of Technology and an MBA from the University of Massachusetts Isenberg School of Management.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights