What is Crimeware?

Category: Security

Imagine if, for only $3000, you could buy the role of a crime lord whose millions of minions obediently and constantly funnel money to you. Now imagine that anyone can. Finally, understand this is not fantasy, and you might become very scared. Learn more about crimeware, and how to protect yourself...

Zeus, Botnets and Crimeware

The Zeus botnet is a worldwide network of computers over which hackers have established control, often without the owners' knowledge. These robot or "zombie" computers are controlled by a Trojan horse program they picked up by opening an infected email attachment or visiting a phishing Web site.

The Zeus Trojan is a versatile devil. It's a keylogger that records logon credentials as you type them. It alters your bank's Web page HTML to facilitate identity theft. It redirects your browser to a lookalike Web site where you can be fooled into giving up more critical information. It searches your hard drive for bank account and other financial data it can upload to its masters; and much more. For an exhaustive report on Zeus, its components, and its nefarious capabilities, visit SecureWorks.

In October 2010, the FBI announced that it had arrested more than 90 Americans in "one of the largest cyber criminal cases we have ever investigated". The arrestees were "money mules" who received stolen funds in their bank accounts and forwarded them to their criminal masters in exchange for a commission. The mules received the money - over $70 million total - via fraudulent transfers enabled by the Zeus botnet. The thieves originally targeted $220 million, says the FBI.

Now it gets really scary. The criminal creators of the Zeus botnet are now selling a bundle of software called "Zeus crimeware" which enables just about anyone to be a cybercrime kingpin. Zeus crimeware is as user-friendly as any legitimate commercial program. Wizards guide you step-by-step through the process of configuring which keystrokes to capture under what circumstances; where to transmit the stolen logon credentials; and the creation of a seemingly innocent and alluring "free download" to turn loose on unsuspecting victims. Plus, you too can use the existing Zeus botnet to start robbing strangers. You might possibly also get arrested by federal agents and thrown into prison with some Russian guys. But you know, life is filled with risks and rewards.

Are You an Ignorant Zombie?

You may have no interest in running a global criminal cyber-enterprise. But you COULD be an unwitting participant. Nearly 4 million PCs in the U.S. alone are part of the Zeus botnet, with estimates of worldwide infections running much higher. Using Zeus, cybercriminals have pulled off some spectacular crimes.

A good anti-virus program should protect you, but if you want to double-check whether your computer is infected with the Zeus Trojan, start by looking for these file paths and files on your system.

If you are logged on with Administrator privileges:

  • %systemroot%\system32\sdra64.exe (malware)
  • %systemroot%\system32\lowsec
  • %systemroot%\system32\lowsec\user.ds (encrypted stolen data file)

If you are not logged on with Administrator privileges:

  • %appdata%\sdra64.exe
  • %appdata%\lowsec
  • %appdata%\lowsec\user.ds

Note that Zeus files are "hidden" by default, so you will have to set Windows Search to show hidden files or you will detect nothing.
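The check above can be scripted so that the environment variables are expanded properly and the hidden attribute is reported rather than hiding the result. The following is an added example, not code from the article or from any vendor; the indicator paths are the ones listed above, the `%systemroot%` and `%appdata%` expansion is done by hand because `os.path.expandvars` only understands that form on Windows, and the `exists`/`hidden` callables are injectable so the logic can be exercised against a constructed set of paths without touching a real disk.

```python
import os
import re
import stat

# Indicator paths quoted in the article. Which set applies depends on whether
# the infected account had Administrator rights when the Trojan installed itself.
ZEUS_PATHS_ADMIN = [
    r"%systemroot%\system32\sdra64.exe",
    r"%systemroot%\system32\lowsec",
    r"%systemroot%\system32\lowsec\user.ds",
]
ZEUS_PATHS_USER = [
    r"%appdata%\sdra64.exe",
    r"%appdata%\lowsec",
    r"%appdata%\lowsec\user.ds",
]

_VAR = re.compile(r"%([^%]+)%")


def expand_windows_vars(path, env=None):
    """Expand %NAME% references the way the Windows shell does (case-insensitive).

    Unknown variables are left untouched, which is exactly why typing a raw
    %systemroot% path into a tool that does not expand it yields 'location
    unavailable': the literal text is not a real folder.
    """
    if env is None:
        env = os.environ
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set on the file or folder.

    os.stat() exposes st_file_attributes only on Windows; on other platforms
    (or if the path vanished) the attribute is reported as not set.
    """
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def check_indicators(indicators, env=None, exists=os.path.exists, hidden=is_hidden):
    """Resolve each indicator path and report whether it is present and hidden.

    `exists` and `hidden` default to the real filesystem; tests pass lambdas
    that describe a constructed filesystem view instead.
    """
    findings = []
    for raw in indicators:
        resolved = expand_windows_vars(raw, env)
        present = exists(resolved)
        findings.append({
            "indicator": raw,
            "resolved": resolved,
            "present": present,
            "hidden": hidden(resolved) if present else False,
        })
    return findings


def suspicious(findings):
    """Indicator strings (as written in the article) that were found on disk."""
    return [f["indicator"] for f in findings if f["present"]]


if __name__ == "__main__":
    for group, paths in (("administrator", ZEUS_PATHS_ADMIN), ("standard user", ZEUS_PATHS_USER)):
        results = check_indicators(paths)
        print(f"{group} paths: {len(suspicious(results))} of {len(paths)} indicators present")
        for f in results:
            flag = "FOUND" if f["present"] else "absent"
            note = "  (hidden attribute set)" if f["hidden"] else ""
            print(f"  {flag:6} {f['resolved']}{note}")
```

Run it from an ordinary command prompt on the machine being checked; because it tests the path directly instead of going through the Explorer search index, the "show hidden files" setting does not affect the result. A hit only tells you a file with that name exists, so follow up with an anti-malware scan rather than deleting by hand.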

Protecting yourself from a Zeus infection requires extreme caution. Experts recommend logging on to online banking and other password protected accounts using an "isolated" computer that is not used for general Internet work (email and Web browsing). But that's not very practical for most consumers and small businesses.

Alternatively, you might consider a different operating system. Zeus is most often found on Windows XP systems. An optional Zeus crimeware kit makes the Zeus Trojan compatible with Vista and Windows 7; not every crook spends the money for this option, so these OSes are safer than XP. But to escape Zeus altogether you would have to switch to a non-Windows operating system, i.e., Mac OS or Linux.

At the very least, keep your anti-malware software up to date and constantly activated. Avoid clicking on email attachments from unknown senders. Enable the anti-phishing features of your Web browser and if it says, "don't go there," don't go there.

Have you been a victim of crimeware? Post your comment or question below...


This article was posted by on 17 Dec 2010


Most recent comments on "What is Crimeware?"

Posted by:

17 Dec 2010

On my computer, making certain I included hidden files in my search, I looked for all three files and file paths. I got instant, negative results for both %systemroot%\system32\sdra64.exe and %systemroot%\system32\lowsec. However, when I searched for %systemroot%\system32\lowsec\user.ds, I got the following message:

"C:\WINDOWS\system32\lowsec refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location."

There was no disk inserted, and I was connected to the Internet during my search, and I made two further tries--and came up with the same reply each time. Does this allusion to "a location that is unavailable" mean I'm infected?

You bet I'm scared! Thanks for your answer.

EDITOR'S NOTE: That message just means the folder doesn't exist. You can put in ANY invalid folder name and get the same result. Nothing to worry about.

Posted by:

Lynda Smith
18 Dec 2010

I cannot follow your instructions because I don't know how to set Windows Search to show hidden files. I have Windows 7 Home Premium, 64 bit. Please help. I am scared, too. What do I do if I find the hidden files??

EDITOR'S NOTE: In Windows 7, here's how to search for hidden files and folders:

- Click Start, enter "search" in search box, press ENTER.

- Click Organize / Folders and search options

- Click the View tab, then

-- Select the radio button "Show hidden files, folders, and drives"

-- Remove the checkmark from "Hide extensions for known file types."

-- Remove the checkmark from "Hide protected operating system files."

- Click Apply, then OK

If you find something, use an anti-malware program such as MBAM to remove it. See http://askbobrankin.com/malwarebytes_antimalware.html

Posted by:

Lynda Smith
21 Dec 2010

Thanks so much for the info on how to set Windows to show hidden files. I am sure that this info will help others as well, and now I have a way to protect my computer. I remember your article on MBAM and will be sure to use this program, if needed.

Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- What is Crimeware? (Posted: 17 Dec 2010)
Source: https://askbobrankin.com/what_is_crimeware.html