20 August 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,012,510Views 62Comments

Crimeware: Do It Yourself Criminal Hacking

26 January 2010  |  3337 views  |  1

For $400-$700 you too can be a criminal hacker. Phishing hacking and spoofing software has been around for a few years. Heres what may be an example.

The ease and availability of this good for nothing other than crime software has made it easier, cheaper and more user friendly than ever to get into the cybercrime business.

Anyone with moderate computer skills that can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware.

Todays crimeware kits are designed so a person who is new to the criminal hacking business can quickly get up to speed and snare victims rapid fire.

USA Today reports they’ve been blasting out fake e-mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX) or the IRS; or account updates from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about the H1N1 flu virus.

The faked messages invariably ask the recipient to click on a Web link; doing so infects the PC with a banking Trojan, a malicious program designed to steal financial account logons. Often, the PC also gets turned into a “bot”: The attacker silently takes control and uses it to send out more phishing e-mail.

The crimeware software business models the manufacturing and distribution of the legitimate software industry. Criminals are also getting more sophisticated in marketing their wares and doing it openly online. Just because they sell crimeware, doesn’t mean the software is illegal. It only becomes illegal when it’s used to scam people.

The fundamentals of how to prevent phishing are presented here by the Anti Phishing Work Group

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ’spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone

    Additionally

 

  • Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

     

     

  • TagsSecurityRisk & regulation

    Comments: (1)

    Cedric Pariente
    Cedric Pariente - Racine Alpha - Paris | 26 January, 2010, 15:36

    Hi Roberto,

    You might want to add that most of these "free hacking tools" contain crimeware themselves.

    Meaning there is very often a backdoor in the code of the program that is sending your data to the original hacker who wrote it.

    There is no free lunch, especially in crimeware.

    Do NOT use these "free tools".

    Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
    Comment on this story (membership required)

    Latest posts from Robert

    What Was Scary About Blackhat 2017?

    02 August 2017  |  5574 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Black Hat 2017 was an Amazing Event

    29 July 2017  |  6190 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Blackhat Hackers Love Office Printers

    28 July 2017  |  4884 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Getting Owned or Pwned SUCKS!

    13 June 2017  |  5572 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Parents Beware of Finstagram

    27 April 2017  |  5075 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Robert's profile

    job title Security Analyst
    location Boston
    member since 2010
    Summary profile See full profile »
    Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

    Robert's expertise

    Member since 2009
    732 posts62 comments

    Who's commenting on Robert's posts

    Ketharaman Swaminathan
    Adedeji Olowe