17 March 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

744Posts 2,097,229Views 62Comments

Crimeware: Do It Yourself Criminal Hacking

26 January 2010  |  3403 views  |  1

For $400-$700 you too can be a criminal hacker. Phishing hacking and spoofing software has been around for a few years. Heres what may be an example.

The ease and availability of this good for nothing other than crime software has made it easier, cheaper and more user friendly than ever to get into the cybercrime business.

Anyone with moderate computer skills that can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware.

Todays crimeware kits are designed so a person who is new to the criminal hacking business can quickly get up to speed and snare victims rapid fire.

USA Today reports they’ve been blasting out fake e-mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX) or the IRS; or account updates from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about the H1N1 flu virus.

The faked messages invariably ask the recipient to click on a Web link; doing so infects the PC with a banking Trojan, a malicious program designed to steal financial account logons. Often, the PC also gets turned into a “bot”: The attacker silently takes control and uses it to send out more phishing e-mail.

The crimeware software business models the manufacturing and distribution of the legitimate software industry. Criminals are also getting more sophisticated in marketing their wares and doing it openly online. Just because they sell crimeware, doesn’t mean the software is illegal. It only becomes illegal when it’s used to scam people.

The fundamentals of how to prevent phishing are presented here by the Anti Phishing Work Group

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ’spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone



  • Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.



  • TagsSecurityRisk & regulation

    Comments: (1)

    Cedric Pariente
    Cedric Pariente - EFFI Consultants - Paris | 26 January, 2010, 15:36

    Hi Roberto,

    You might want to add that most of these "free hacking tools" contain crimeware themselves.

    Meaning there is very often a backdoor in the code of the program that is sending your data to the original hacker who wrote it.

    There is no free lunch, especially in crimeware.

    Do NOT use these "free tools".

    Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
    Comment on this story (membership required)

    Latest posts from Robert

    14 Social Media Disasters Ready to Strike

    03 March 2018  |  4164 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Understanding and Stopping Criminal Identity Theft

    23 February 2018  |  6021 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Top 10 Signs of a Malware Infection on Your Computer

    08 February 2018  |  4918 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

    11 January 2018  |  4464 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Your Social Security Card Gets Stolen: Now What?

    04 January 2018  |  4903 views  |  0 comments | recomends Recommends 0 TagsSecurity

    Robert's profile

    job title Security Analyst
    location Boston
    member since 2010
    Summary profile See full profile »
    Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

    Robert's expertise

    Member since 2009
    739 posts62 comments

    Who's commenting on Robert's posts