The Rise of Crimeware
March 1, 2006 11:58 AM   Subscribe

Scientific American looks at the Rise of Crimeware Crimeware, or malware with criminal intentions is increasing exponentially. "My company scans 13 million emails a day, and of that email we stop between 3 million and 10 million messages a day because they contain some kind of malware [malicious software]. Of the malware we're seeing, 99.9% is crimeware--something where the bad guys are trying to steal money from the end user. We're detecting one to five new species of virus a day and seeing 100 to 200 new phishing sites appearing every day." Take a look at who's getting attacked. What can we do about it? (PDF report by DHS on crimeware)
posted by clockworkjoe (21 comments total)
I don't think we really needed another term for malware, but thanks anyway SA.
posted by Artw at 12:12 PM on March 1, 2006

"earlier this month at the Antispyware Coalition meeting in Washington, the head of the [National Network to End Domestic Violence] claimed that spyware is involved in more than 90 percent of all domestic violence cases."

Does this sound odd to anyone else? Spyware is involved in 9/10ths of all domestic violence?
posted by rollbiz at 12:12 PM on March 1, 2006

Odd would be putting it mildly. If it's not a typo (9% instead of 90% -- which would actually be more than enough to be interesting), then it's prima facie batshitinsane.
posted by lodurr at 12:15 PM on March 1, 2006

Maybe 90% of spouse abusers with Internet-capable computers have spyware-infected machines?
posted by Faint of Butt at 12:16 PM on March 1, 2006

maybe it's only spyware downloaded on Superbowl Sunday?
posted by words1 at 12:17 PM on March 1, 2006

Some info on their website talks about spyware installed by abusers to track passwords, IMs, emails and such. But even still, I tend to think that much less than 9/10ths of abusers or abused would even have access to a permanant home computer with constant internet access. Of those who do, surely not all are using "spyware" to track the abuseds' computer usage.
posted by rollbiz at 12:21 PM on March 1, 2006

I suppose spyware could have jumped the life-form barrier, from Winboxen to humans. Or maybe spousal-abusers have started running their brains on Windows?
posted by lodurr at 12:21 PM on March 1, 2006

I suppose spyware could have jumped the life-form barrier, from Winboxen to humans. Or maybe spousal-abusers have started running their brains on Windows?

Well, if we can put a man on the moon...
posted by rollbiz at 12:26 PM on March 1, 2006

...Crimeware, or malware with criminal intentions is increasing exponentially.

And Kurzweil's response is to predict that in this lifetime, we will have a socio-technical singularity in which everyone becomes criminal malware.
posted by KirkJobSluder at 12:29 PM on March 1, 2006

... levity aside, I am curious about why 'malware' is no longer deemed sufficient. It reminds me of the Bush administration's abortive attempt to re-frame "suicide bombers" as "homicide bombers." And the dimensions of the reframing are potentially very interesting. To paraphrase the Lioness, not all crime is crime. If we're distinguishing between "crimeware" and "malware", then we have to consider what makes sofware "criminal." DVD rippers would be, by definition, crimeware. So would software that Chinese citizens use to route around the Great Firewall.

So it's a troubling term, to say the least. Doesn't mean what it seems to, and is ripe for semiotic abuse, so to speak.

OTOH, it's also interesting to me that it's taken this long for people to start focusing on how to actually use malware to rip people off. (Well, "this long" -- I got my first piece of phishing email in 1998.)

It's wonderfully instructive to compare the virtual and the real worlds, and no more so than with regard to malicious action. In the real world, anyone with sufficient resolve and a car (or a baseball bat, for that matter) could walk out his/her front door and kill or maim ten or twenty people -- or cause a few ten thousand dollars of damage. Anyone with a modicum of intelligence and the will to use it could steal a bunch of money. But we don't. Why? The cliched answer is that in the richly-experienced "real" world, we have more of a sense of being part of the human horde; in the relatively experience-depleted online world, we have fewer scruples because we have fewer rich connections to others.
posted by lodurr at 12:34 PM on March 1, 2006

Which begs the question; What percentage of Crimeware is involved in Nigerian domestic violence?
posted by Gungho at 12:50 PM on March 1, 2006

So "malware" is software that pops up ads, and "crimeware" steals passwords and personal information? Is that how they're making the distinction?
posted by Jatayu das at 12:50 PM on March 1, 2006

I think the major difference between malware and crimeware is intent. A lot of malware, like viruses, are created for fun and ego. How many teens have been arrested for major worms? Crimeware is created by professional criminals with the intent to make money. It's a difference of culture between the hacker and criminal underworlds.
posted by clockworkjoe at 12:50 PM on March 1, 2006

You know, those Nigerians get a bad rap, but I have made literally millions of dollars helping them get their money out of the country. Of course, it cost me a little bit to do so, and I;m still waiting for them to send me my check.
posted by Astro Zombie at 2:01 PM on March 1, 2006

posted by Smedleyman at 2:49 PM on March 1, 2006

I’ve often wondered what certain kinds of automation would do to society, people, etc. Consider the processes at work - if all you have to do is upload something to a spam server to make some money, it still screws with people’s lives and degrades society.
But because you’re not literally pointing a gun at someone or running some kind of con, it seems far more acceptable.

Picture an AI Godfather.
posted by Smedleyman at 2:52 PM on March 1, 2006

Blame these guys for coining "crimeware". I think it's a useful distinction -- malware could be anything harmful, but crimeware is less about fucking up your computer or hijacking your browser than it is getting your passwords and breaking into your bank account. That's a whole 'nother level of sophistication -- and required defenses.

Myself, I've seen a huge increase in phishing spam the last couple of months, such that it's well over 80% of my unwanted mail. I use Thunderbird's predictive junk mail tool, and I usually look into my trash folder every time it reaches the same size as the junk folder (stuff is labeled junk, then eventually moved to trash), to make sure I'm not permanently deleting anything important. The last 3 months or so, my junk folder has been increasing in size faster than the trash folder, so trash never catches up. Well over half of that is paypal phishing, next ebay, then various brand-name bank phishing.

Meanwhile, my dad is at that age when he shows an increased susceptibility to physical junk mail offers that are on the face of it dodgy ("double your lifestyle!") -- at least he lets me double-check them. I'm really worried that he, and other older people, are basically sitting ducks for various types of social-engineered phishing attacks.
posted by dhartung at 3:29 PM on March 1, 2006

Agreed it is a legitimate distinction. I'd say crimeware is acute and malware is chronic - hit-and-run vs. slow exploitation. There may have to be a distinction simply because some of the malware tricks unfortunately aren't illegal. Still don't like the term tho.

Both of the first two links go to the same page. And it has little support for the proposition. Also, "exponentially" is likely an exaggeration. The DHS paper has some interesting ideas on countering phishing, but nothing about other "crimeware".

Ultimately it's a monopoly problem more than a technical problem. If there were competition in the OS market, there would be safer OS's and more computer-literate users.
posted by jam_pony at 5:38 PM on March 1, 2006

Yeah, sorry about the FP errors. I noticed it the second after I posted it. Still, it's interesting to know that crimeware is such a problem that it merits a distinction from other categories of malware.
posted by clockworkjoe at 8:51 PM on March 1, 2006

If you’d come to me in friendship, then the scum that ruined your software would be suffering this very day. And if an honest program like yourself should make enemies then they would become my enemies...and then they would reboot themselves.
posted by Smedleyman at 9:25 AM on March 2, 2006

Myself, I've seen a huge increase in phishing spam the last couple of months.

Good to know I'm not the only one winning free goods from Toys R Us every fucking day.
posted by mrgrimm at 10:32 AM on March 3, 2006

« Older freedom fighters   |   Ol' 55 Newer »

This thread has been archived and is closed to new comments