Monthly Archives: October 2006

“Crimeware” – How Organised Crime Uses Technology and Social Engineering

“Crimeware” is the latest label given to the technology toolkit criminals (and wanna-be kiddies) use to get information on Internet users’ identities for fraudulent purposes — or just for fun and the 15 minutes of fame in the case of kiddies.

A report by the Anti-Phishing Working Group (download link) lists the common ways crimeware gets onto a victim's machine:

  • Attachments sent via email or instant message – or on apparently
    discarded hardware devices such as USB keys;
  • Piggybacking schemes in which crimeware is embedded into another piece
    of software such as an apparent shareware application;
  • Internet Worms that exploit vulnerabilities within networks and PCs to
    propagate themselves and install back doors and other crimeware;
  • Web Browser Exploits in which browser vulnerabilities are leveraged to
    directly infect PCs from the compromised server by the pages being
    viewed or by injecting crimeware code remotely via scripting exploits
    into the PC;
  • Distribution via Hacking in which crimeware is installed manually by
    hackers who have discovered or exploited vulnerabilities that give them
    access and control of a PC;
  • Distribution via Affiliate Marketing in which marketing programs
    provide incentives to 1) install malware on visitors’ PCs, some of which
    can be later exploited to plant crimeware or 2) to directly install
    crimeware on visitors’ PCs.

While none of this really sounds new, the report is a truly nice textbook treatment explaining how these attacks work, backed up with some nice statistics, too. It makes a good read for people with an intermediate knowledge of Internet technology, and it provides ideas for countermeasures against the featured modes of attack.

Download, read, act on it, … and distribute.

Swiss Police: Meticulous — and Over the Top

Stop Swiss Police Using Trojans for VoIP Tapping!

Schneier on Security reports that the oh-so-polite, clean and neutral Swiss are thinking about it: breaking the law and hacking into your systems to make YOU a criminal.

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force — not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.


In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.

The Most Common Application-level Hack Attacks

Watchfire has published a whitepaper on the most common application-level hack attacks.

It lists the most common attacks on web forms that are used to collect personal, classified and confidential information.

  • Manipulating cookie information
  • Manipulation of hidden fields
  • Changing parameters
  • Buffer overflow
  • Cross-site scripting
  • and many more

The paper also outlines a guideline for developing secure web applications.
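Cookie, hidden-field and parameter manipulation all work because the server trusts a value that has passed through the client. The following is an added example, not taken from the Watchfire paper or from this blog, of one common countermeasure: the server attaches an HMAC to the value and checks it on submission. The key handling, function names, field names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret generated and kept on the server, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def _tag(name: str, session_id: str, value: str, key: bytes) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (name.encode(), session_id.encode(), value.encode())
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal(name: str, value: str, session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'value|tag' for use as a hidden field or cookie value.

    The tag binds the value to its field name and to one session, so it
    cannot be edited, moved to another field, or reused by another user.
    """
    return f"{value}|{_tag(name, session_id, value, key)}"


def unseal(name: str, sealed: str, session_id: str, key: bytes = SERVER_KEY):
    """Return the original value, or None if it is malformed or was altered."""
    value, sep, tag = sealed.rpartition("|")
    if not sep:
        return None  # no tag at all: the client stripped or never had one
    expected = _tag(name, session_id, value, key)
    # Constant-time comparison avoids leaking how many tag characters match.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return value


if __name__ == "__main__":
    # Constructed sample: a price carried in a hidden form field.
    field = seal("price", "19.99", "sess-A")
    forged = field.replace("19.99", "0.01", 1)  # client edits the value only
    print("untouched:", unseal("price", field, "sess-A"))
    print("edited   :", unseal("price", forged, "sess-A"))
    print("moved    :", unseal("discount", field, "sess-A"))
```

Sealing gives integrity only, not confidentiality; values such as prices are better looked up on the server than round-tripped through the client at all.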

By giving away your details you can register to receive this whitepaper at