Crimeware

Crimeware is a special type of malware designed specifically to facilitate and automate financial crime. It performs illegal actions on the victim’s computer, which include, but are not limited to:

• Identity theft (theft of names, social security numbers, etc.)
• Stealing trade secrets or proprietary information for sale or blackmail and extortion
• Stealing contact lists and email addresses for further transmission or sale

The above actions are generally designed to bring some kind of financial benefit to the distributor of the crimeware, rather than simply cause an inconvenience to the user in the form of a prank.

Crimeware is generally transmitted in the form of an email attachment. The unsuspecting victim opens the attachment, which spawns the crimeware program. This program might do a number of things, ranging from simple key-logging to sophisticated searches of the victim's computer for confidential information. The information is then transferred back to the distributor of the crimeware.

Commonly, crimeware programs are widespread and try to infect as many hosts as possible. Targeted crimeware, however, gains nothing by spreading beyond the intended victim, and thus generally does not seek to spread beyond the original target.

Reports indicate that the average per-incident cost to companies that experienced the loss or theft of customers' personal data as a result of cybercrime is $6.3 million, including direct loss, customer notification and law suits (Ponemon Institute survey), and seems to be a growing problem. A Government Accountability Office report published in July 2006 placed the cost of cybercrime to the U.S. economy at around $117.5 billion per year. A detailed report on crimeware has been compiled by the Anti-Phishing Working Group .