Crimeware: Understanding New Attacks and Defenses and over one million other books are available for Amazon Kindle. Learn more
  • List Price: $64.99
  • Save: $13.83 (21%)
Only 3 left in stock (more on the way).
Ships from and sold by
Gift-wrap available.
Add to Cart
Condition: Used: Good
Comment: Ex-library book. May have typical labels and markings. Eligible for FREE Super Saving Shipping! Fast Amazon shipping plus a hassle free return policy mean your satisfaction is guaranteed! Good readable copy. Worn edges and covers and may have small creases. Otherwise item is in good condition.
Access codes and supplements are not guaranteed with used items.
Add to Cart
Trade in your item
Get a $4.68
Gift Card.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Crimeware: Understanding New Attacks and Defenses Paperback – April 16, 2008

ISBN-13: 978-0321501950 ISBN-10: 0321501950 Edition: 1st

Buy New
Price: $51.16
9 New from $51.16 15 Used from $17.94
Amazon Price New from Used from
"Please retry"
"Please retry"
$51.16 $17.94


Frequently Bought Together

Crimeware: Understanding New Attacks and Defenses + Security Policies And Implementation Issues (Information Systems Security & Assurance)
Price for both: $140.31

Buy the selected items together

Customers Who Bought This Item Also Bought


Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now

Product Details

  • Paperback: 608 pages
  • Publisher: Addison-Wesley Professional; 1 edition (April 16, 2008)
  • Language: English
  • ISBN-10: 0321501950
  • ISBN-13: 978-0321501950
  • Product Dimensions: 9.1 x 7.1 x 1.2 inches
  • Shipping Weight: 1.9 pounds (View shipping rates and policies)
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (9 customer reviews)
  • Amazon Best Sellers Rank: #872,807 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Markus Jakobsson, Ph.D., is currently principal scientist at Palo Alto Research Center and an adjunct associate professor at Indiana University. The coauthor of more than one hundred peer-reviewed articles and co-inventor of more than fifty patents, Markus studies the human factor of security and cryptographic protocols with an emphasis on privacy.


Zulfikar Ramzan, Ph.D., is currently a senior principal researcher with Symantec Security Response. Coauthor of more than fifty technical articles and one other book, Zulfikar is a frequent speaker on his areas of expertise: theoretical and practical aspects of information security and cryptography.

Excerpt. © Reprinted by permission. All rights reserved.

Traditionally, malware has been thought of as a purely technical threat, relying principally on technical vulnerabilities for infection. Its authors were motivated by intellectual curiosity and, sometimes, by competition with other malware authors.

This book draws attention to the fact that this is all history. Infection vectors of today take advantage of social context, employ deceit, and may use data-mining techniques to tailor attacks to the intended victims. Their goal is profit or political power. Malware has become crimeware. That is, malware has moved out of basements and college dorms, and is now a tool firmly placed in the hands of organized crime, terror organizations, and aggressive governments. This transformation comes at a time when society increasingly has come to depend on the Internet for its structure and stability, and it raises a worrisome question: What will happen next? This book tries to answer that question by a careful exposition of what crimeware is, how it behaves, and what trends are evident.

The book is written for readers from a wide array of backgrounds. Most sections and chapters start out describing a given angle from a bird’s-eye view, using language that makes the subject approachable to readers without deep technical knowledge. The chapters and sections then delve into more detail, often concluding with a degree of technical detail that may be of interest only to security researchers. It is up to you to decide when you understand enough of a given issue and are ready to turn to another chapter.

Recognizing that today’s professionals are often pressed for time, this book is written so that each chapter is relatively self-contained. Rather than having each chapter be sequentially dependent on preceding chapters, you can safely peruse a specific chapter of interest and skip back and forth as desired. Each chapter was contributed by a different set of authors, each of whom provides a different voice and unique perspective on the issue of crimeware.

This book is meant for anyone with an interest in crimeware, computer security, and eventually, the survivability of the Internet. It is not meant only for people with a technical background. Rather, it is also appropriate for makers of laws and policies, user interface designers, and companies concerned with user education. The book is not intended as a guide to securing one’s system, but rather as a guide to determining what the problem really is and what it will become.

Although we often use recent examples of attacks to highlight and explain issues of interest, focus here is on the underlying trends, principles, and techniques. When the next wave of attacks appears—undoubtedly using new technical vulnerabilities and new psychological twists—then the same principles will still hold. Thus, this book is meant to remain a useful reference for years to come, in a field characterized by change. We are proud to say that we think we have achieved this contradictory balance, and we hope that you will agree.

More About the Author

Dr. Markus Jakobsson writes about various aspects of Internet security, aiming for an audience of technically interested readers, without requiring deep prior knowledge of computer science, mathematics or security.

He is Principal Scientist at Paypal, and has previously held positions at Bell Labs, RSA Labs, Xerox PARC, Indiana University and New York University. He has a PhD in computer science from University of California at San Diego. Dr. Jakobsson does research on mobile commerce, malware, authentication, user education, user interfaces and phishing. He is an inventor of more than 100 US and international patents and patents pending and the co-founder of two startups.

His webpage is

Customer Reviews

4.7 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 9 customer reviews
The first author, Markus Jakobsson, is one of the best researchers I know in cyber-security.
L. Yang
In contrast to most security books, this book covers not only technical aspects, but also social and legal aspects of security.
Amazon Customer
The Future of Crimeware This book is not just another compendium of malware and defensive countermeasures.

Most Helpful Customer Reviews

13 of 13 people found the following review helpful By Stephen Northcutt on April 28, 2008
Format: Paperback
Crimeware by Jakobsson and Ramzan sets a new standard for security books. It is both eminently pragmatic and at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book. I struggled a bit with 16.2 Crimeware-Resistant Authentication and encourage the authors to take another look at that when they do second edition and this book simply must have a second edition. It will also be interesting to see if the taxonomy, chapter 2 takes hold. It would seem like we need a bit more of a classification system than Joanna Rutkowska's type 1 - 3 for our community.

The book gets right down to it, most authors waste the first few chapters with background information. Now to be sure, this is background, but it is pretty deep background. My favorite chapter is 7, botnets, but 6.3 JavaScript is very well done and immediately useful information to know. For a high speed pass, chapter 8 rootkits will get you up to speed, but that needs a whole lot more material to really cover the topic.

As this is an election year, and a crazy one at that, chapter 10 is a must read, it details a number of ways the election could be impacted, I think a bit about evoting machines might make a scary chapter even scarier. As soon as I finish this review, I need to send a note to a friend of mine concerned about click fraud, the authors do a great job on that in chapter 11.

And the best thing, the authors do not just tell you how bad things are, they spend a lot of time talking about defense. And if I can offer a thank you to the fifty or so researchers that helped with the book, thank you very much, the defensive information community is far better off for your efforts. A must own, must read, must read soon if there ever was such a thing. Order it now!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 5 people found the following review helpful By Richard Bejtlich on April 26, 2009
Format: Paperback
Crimeware is a collection of chapters collectively written by 40-odd security researchers. Sometimes this approach is a formula for disaster, but here the end result is a solid book that covers a broad number of topics. Because each author or group of authors know their field well, they can delve fairly deeply when necessary, and their material is technically accurate. However, some of the chapters are boring and lifeless. This book blocked my reading queue for about 4 months, which is a sign I found the text unappealing. It took a flight from Amsterdam to convince me to finish it! Still, I agree with many of the other reviewers -- Crimeware is an impressive examination of malware, on a variety of fronts.

Chapter 8: Rootkits, by Prashant Pathak, was my favorite. I've read books on rootkits before, by Pathak's chapter presented the subject in a very understandable manner. His methodical and disciplined approach seemed very effective. He explained various approaches and terms, instead of assuming the reader knew what he was discussing already. I recommend reading chapter 8 before tackling other books on rootkits.

Chapter 1: Overview of Crimeware, by Aaron Emigh and Zulfikar Ramzan; Chapter 6: Crimeware in the Browser, by Dan Boneh, et al; and Chapter 7: Bot Networks, by James Hoagland, Zulfikar Ramzan, and Sourabh Satish addressed the core malware topics I would expect to appeal to the sorts of readers who frequent my blog. While several other chapters offered novel research, these three plus the rootkits chapter are probably most helpful to those defending networks.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
4 of 4 people found the following review helpful By Richard L. Russell on April 15, 2008
Format: Paperback
If you are looking for a book to show you what the bad guys are doing with computers to steal data or comprise systems then this is the book for you.

I really enjoyed chapter 7 on Bot Networks. Like most of the other chapters it covers the basics of the topic, then digs deeper into the workings of the subject. And if you really want deep detail the ending sections go into extremely deep details (the book says these sections may only be of interest to security researchers). Some of the ending sections were over my head. But, the ones I did understand opened my eyes to those topics in a different light.

This book will be on my reference shelf for quite sometime due to the detail and range of topics covered.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 3 people found the following review helpful By sixmonkeyjungle on October 31, 2008
Format: Paperback
There was a time when viruses and worms were written primarily for the purposes of creating chaos and getting 15 minutes of fame in the malware underworld. Script-kiddies could crank out exploits that spread like wildfire and interrupted computer and network productivity, but with little impact or implication beyond the annoyance factor in most cases.
That time is gone. It has been gone for a while now. Professional criminals and crime syndicates eventually figured out that these same attacks and exploits, if properly crafted, could represent a windfall of ill-gotten cash. Rather than trying to have the greatest impact and notoriety, today's attacks seek to find a balance between compromising as many machines as possible while also staying under the radar and remaining undetected by users or security software.

The authors of Crimeware: Understanding New Attacks and Defenses have put together a comprehensive and thorough guide to current malware- which they call crimeware- and how to defend against it. Rather than go on about the scope of the book, I will just list the chapters and let you judge for yourself.

1.Overview of Crimeware
2.A taxonomy of Coding Errors
3.Crimeware and Peer-to-Peer Networks
4.Crimeware in Small Devices
5.Crimeware in Firmware
6.Crimeware in the Browser
7.Bot Networks
9.Virtual Worlds and Fraud
10.Cyberware and Politics
11.Online Advertising Fraud
12.Crimeware Business Models
13.The Educational Aspect of Security
14.Surreptitious Code and the Law
15.Crimeware and Trusted Computing
16.Technical Defense Techniques
17.The Future of Crimeware

This book is not just another compendium of malware and defensive countermeasures. This book provides that, but goes beyond that to educate the reader and provide tremendous insight about how and why crimeware works.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Customer Images