Crimeware is any computer program or set of programs designed expressly to facilitate illegal activity online. Many spyware programs, browser hijackers, and keyloggers can be considered crimeware, although only those used illicitly. One common type of crimeware is the phishing kit, a collection of tools assembled to make it easier for people with little technical skill to launch a phishing exploit. A phishing kit typically includes Web site development software, complete with graphics, coding, and content that can be used to create convincing imitations of legitimate sites, and spamming software to automate the mass mailing process. Phishing kits and other types of crimeware are readily available on the Internet.
In a phishing exploit, the perpetrator sends spam purporting to be from a valid Web site, such as PayPal or eBay, asking the recipient to visit the site and update personal information. The e-mail may bear exciting or disturbing text in the subject line, maximizing the likelihood that the victim will open the message. When the victim clicks on a link in the message, they are taken to a fraudulent site that, typically, appears quite legitimate. There, the user is asked to provide sensitive information, such as credit card and bank account numbers and passwords, that can then be misused.
Other types of crimeware gather information illegally by surreptitiously installing a keylogger in your computer that will then record everything that is entered at the keyboard, including passwords and other privileged information. Periodically an associated Trojan horse program installed on your computer without your knowledge will send this privileged information to the crimeware originator.
The more sophisticated crimeware programs evade detection by most spyware scanning programs and will not be detected by most firewalls. Once stolen, the information can be accessed and exploited from anywhere in the world. The international nature of crimeware makes prevention and legal action difficult.