Growing Crimeware-as-a-Service (CaaS) industry caters to cybercriminals 7 April, 2008 By Erin Bell

The report, which outlined the findings of Finjan's Malicious Code Research Center, said that criminals have started to use online cybercrime services instead of dealing with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites themselves.

"Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it," said Finjan CTO Yuval Ben-Itzhak.

Operating in parallel with legitimate mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.

During 2007, the MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC showed how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.

"Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions," Ben-Itzhak said. "Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper 'product' localized for it."

According to Finjan, the next phase in the commercialization process of Crimeware will be creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.

Concludes Ben-Itzhak: "The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities."

Finjan is a global provider of web security solutions for the enterprise market.