Crimeware and web threats


Crimeware is any malware, program or document intended to fraudulently extract money from an entity, company or person. Without going into an assessment of whether it is more or less dangerous than traditional threats, what is certain is that the threats it produces are much more direct and quantifiable.

1. Traditional crimeware (I)

-Dialers: These are programs that dial premium-rate numbers using the modem on RTB (Basic Telephone Network) and ISDN connections. They can be downloaded with or without the authorization of the user.

Fortunately, this threat does not work against users of PLC, cable modem and similar connections, although it could still affect the performance of the computer, especially if more than one hidden dialer is installed.

To find out whether we have a dialer installed, we can contact our ISP (Internet service provider).

-Scams: These are the typical emails or SMS messages that ask us to make donations in order to supposedly obtain a great benefit of some kind. The English term is "scam." It is advisable never to carry out transactions with entities that are not trusted, and to delete all SMS messages and emails whose sender and intentions are not clear.

-Spam: These are junk messages or emails. They are spread in many ways (by SMS, on social networks, forums and blogs), although email is the most common channel. They are misleading advertising messages (some of them harmful) and are received in large quantities. We must also be careful with pop-ups and messaging programs such as Windows Live Messenger, since they are also capable of transmitting these attacks.

-Spyware: These are "spy" programs that collect information about our computer and then retransmit it to an external party without our consent. They normally remain permanently housed on the hard disk and run every time we use the computer, reducing its stability and performance and analyzing our behavior on the internet (and possibly displaying ads).

These are parasitic programs (they do not try to spread from our computer to others).

-Adware: Adware programs are annoying (although not dangerous) because they show us advertising to a greater or lesser extent (the word "ad" in English is short for advertisement). More rarely, there have been cases of adware that also collected personal information from the user (thereby becoming spyware).

We can see them when we are browsing and pop-ups appear to tell us that we have won a prize, to invite us to play poker, and so on. They may also come with free or shareware (trial) programs, which will bother us as much as possible so that we buy the paid version and free ourselves from this hell. They are very widespread and can be seen even in some antivirus products.

2. Sophisticated crimeware (II)

In this second section we list other current attacks, different from the classic ones mentioned previously.

-Phishing: Messages sent to the victim that imitate an email from their bank or a similar entity, so that the victim is redirected to an address the attacker is listening on, which allows the attacker to extract the data the victim provides.

-Spear phishing: This is a targeted phishing attack aimed, for example, at the customers of a specific bank, which yields a higher success rate.

-Mass attack: An attack carried out on a very large number of potential victims. Thus, even if the amount or rate of infection is small, the results will still be large.

-Selective attack: One or more victims are targeted, but in a much more silent and selective way. These attacks are normally more dangerous than mass attacks.

-Identity theft: Its objective is to obtain bank account numbers, credit card numbers, passwords…

-Keyloggers or keyboard grabbers: These are programs that record all the keystrokes typed on the target keyboard in order to capture passwords and data entered in forms.

-Banking Trojan: Its objective is to "listen" to the connections we make with our online bank in order to obtain our data.

-Botnets: A bot is a program that takes control of our computer (turning it into a "zombie") and joins it to other hijacked computers, which together make up the "botnet" and execute the orders it receives.

3. How crimeware affects us

-Economic losses (through access to bank information) or productivity losses (through sabotage of the systems needed to carry out the activity of the individual or company).

-Identity fraud: This can cause legal problems if, for example, an individual takes control of several of a company's computers to include them in botnets and carry out attacks on other sites from them.

-Discomfort caused by the appearance of unwanted advertising and the like.

-Loss and/or disclosure of confidential information, with the consequent damage to the reputation and viability of the company. "Espionage without spies."

4. Crimeware is simply evolution

If we look back to the years 1998-2004, we remember what was the "era of worms": millions of computers massively infected by viruses such as ILoveYou, Sircam or SQLSlammer, among others.

What began to be observed as of 2004 is a significant reduction in this type of attack, so much so that in 2005 no massive infection classified as "serious" was documented.

The epidemics were giving way to more silent and technologically advanced malware. Attacks have gone from being massive to being targeted.

At the same time, what were previously viruses have started to become a wide range of threats like the ones mentioned above, whose main objective is to avoid detection while transferring information or control of the equipment to the attacker. It is a "silent" epidemic.

5. How to protect yourself from crimeware

-Install an anti-malware security suite on each computer. It must always be active, updated and well configured.

-If you can, periodically audit your local network or Wi-Fi for possible traces of outsiders.

-You should download not only all the critical patches for the operating system, but also those for potentially dangerous applications: Flash, Java, etc.

-Staying informed about new threats is an important plus.

-Use common sense: the most useful approach on the internet is to distrust everything at first and then look for clues that allow us to trust. Beware of unsolicited messages (instant messages or emails).

On the portal http://www.mejor-antivirus.es we have more information about how to protect your PC against threats.

