'Crimeware as a service', where criminals use online cybercrime services instead of running their own servers and software, is the latest development in internet crime, according to a report.
The term was coined by security supplier Finjan, in the latest report from its Malicious Code Research Center. Finjan identified that criminals have started to use online cybercrime services instead of having to deal with the technical challenges of running their own servers, installing 'crimeware' toolkits or compromising legitimate websites.
Yuval Ben-Itzhak, chief technology officer at Finjan, said: "Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the crimeware services, especially since the operator does not necessarily conduct the criminal activities ... but only provides the infrastructure for it."
As with mainstream software providers, the creators and owners of these crimeware toolkits are providing their customer base with software updates as well as equipping them with sophisticated, anti-forensic attack techniques such as the ability to manage and monitor malicious code affiliation networks.
Finjan has also identified that the delivery and distribution of malware have been upgraded to deliver a different type to different geographical regions.
"Cybercriminals can now generate more targeted infections and deliver specialized crimeware for specific geographical regions," Ben-Itzhak said. Criminals were employing sophisticated marketing and sales techniques to address the cybercrime economy, he said.
The next phase in the commercialization of the services, predicts Finjan, is to create a service that provides the victim data tailored to the criminal intent. Having such a service would eliminate the need for attackers to even have to log-in to manage an attacker profile on a crimeware-toolkit platform.