Shape-shifting 'crimeware'

Qbone

CREDIT: Jason Payne, The Vancouver Province

Vancouver forensic computer expert Ryan Purita warns that the only purpose of new 'crimeware' is to steal.

North American computer experts are warning of a sinister evolution in the business of software that installs itself on computers without warning.

"Crimeware" -- a cheap and custom-made form of spyware specifically designed to infiltrate home PCs, bypass firewalls and sneak past security measures set up by online banking systems -- is being advertised for sale on Internet bulletin boards.

For $650 U.S., purchasers of a "Basic Spyware Package," created by Russian programmers known as the RAT Systems Crew, are able to evade firewalls designed specifically to detect and filter out spyware.

The program includes a keylogger capturing every keystroke typed into the infected computer, and a "clipboard logger" to take note of anything highlighted or copied. It also grabs passwords stored in computer files or typed into form fields -- for example, in online banking sites -- and monitors online payment transaction systems, notably WebMoney and E-Gold.

The information can be accessed from anywhere in the world, and rerouted to an anonymous web address.

The "Basic Spyware Package" is available from a members-only bulletin board site called the Association for the Advancement of Criminal Activity.

Spyware and adware programs installed onto millions of home computers with the aim of delivering nuisance pop-up advertising are being superseded by a far more insidious variety, whose purpose is to facilitate theft and fraud.

"This spyware is logging things, it's taking screen captures, stealing passwords -- its only purpose on your computer is to steal. It installs itself stealthily, exploiting vulnerabilities in Microsoft, just like a virus or worm, and the next thing you know your home page (has been hijacked and changed to a gambling site) -- and you can't change it back," said Ryan Purita, of Totally Connected Security, a Vancouver forensic computer examiner who is one of a handful of experts in Canada certified to testify in court cases.

"When was the last time somebody legit wanted to install software like this?"

A report released last week by the U.S. security software vendor Webroot Software Inc. called spyware a more than $2-billion-a-year business, and calculated unwanted software and toolbars to be lurking on 55 per cent of corporate and home computers in North America.

People often mistakenly download spyware themselves, since it's bundled into a variety of "free" online utilities, from screen savers to stock tickers and weather toolbars.

Once nestled into a computer, spyware and adware traditionally slow or crash the system as they issue a deluge of advertising for Internet porn and gambling sites. But those activities are mild in comparison with what the Basic Spyware Package advertises.

"Crimeware is the next morphing of the phenomenon," said Richard Stiennon, vice-president of threat research for Webroot, and author of the report. At least 140,000 websites now download malicious programs automatically, without warning, by exploiting weaknesses in Internet Explorer, Mr. Stiennon said.

Anti-spyware programs, including free programs such as Ad-Aware or Spybot: Search and Destroy, or Webroot's version Spy Sweeper, can help eliminate most illicit programming and protect computers. But the Basic Spyware Package purports to contain instructions that enable it to continually shape-shift in order to hide from spyware-seeking code.

Dave Jevans, chairman of the Anti-Phishing Working Group, a Cambridge, Massachusetts, partnership of banks, credit card companies and Internet security firms, said in the past year there has been "a real explosion" in criminal spyware, with a 50-per-cent increase every month in the number of ne