Helping people with computers... one answer at a time.

Malware has come a long, long way since its origination as a benign joke or proof-of-concept. Today most malware all boils down to someone, somewhere, making money.

What monetary gain do malware creators have in creating their nasty stuff? Does someone pay them to do this? Or do they just do it for the sheer enjoyment of wreaking havoc?

It used to be about enjoyment and bragging rights, and I'll speak to that in a moment.

In recent years, however, the nature of malware has changed dramatically, and you've nailed it at the start:

It's all about the money. Lots and lots of money.

The Past: Bragging Rights

Malware has evolved.

The concept of viruses or self-replicating programs actually originated with early computer researchers, but never put into play.

The first actual viruses were, essentially, pranks or fairly benign proof that viruses could be created. Most simply displayed a message of some sort to indicate that they were present, while infecting other computers through various means.

"Malware today is primarily about someone, somewhere, making money."

Interestingly the first virus to be caught "in the wild" (publicly accessible computers and networks) was called Elk Cloner and infected the Apple DOS operating system, and dates back to 1981. It was created by a 15 year old, as a joke.

Things went downhill from there.

As computers became more and more accessible, and networked, hackers of various flavors found the concept of infecting computes with malware challenging, and even began to compete with each other. Less savory elements went so far as to create malware that was destructive, simultaneously raising the stakes of the competition.

The more computers infected, the more data destroyed, the more bragging rights the hacker garnered.

Others, however, saw a different potential. For that, though, we need to veer into the world of spam.

Then Came Spam

Spam is nothing more than unsolicited and unwanted communication, typically in the form of email.

However while the term is recent, the concept predates both the internet and even the telephone. Nope, we're talking the telegraph here:

The first recorded instance of a mass unsolicited commercial telegram is from May 1864. Up until the Great Depression, wealthy North American residents would be deluged with nebulous investment offers.1

Even then what was to become spam boiled down to what we see today: unsolicited advertising of questionable products.

Or, not so questionable. The first computer spam might be considered an email promoting a new model of Digital Equipment Computer. A fine computer, I'm sure. A not-so-fine approach to promoting it.

Fast forward to today, where an estimated 80 to 90 percent of all email flying around the internet is some form of spam.

Spam: It Makes Money

"No one buys that crap, do they?"

I hear that a lot. Most people know that they should never, ever purchase anything because of, or through, spam that they've received.

Most people.

Unfortunately some do, indeed, "buy that crap".

The beauty of spam, at least from the spammer's perspective, is twofold:

  • It's dirt cheap to send lots of spam; millions and millions of messages for next to nothing, for example.

  • It only takes a few sales to make it worthwhile.

So while you know enough not to fall for spam, not everyone does. Just a few who actually purchase those drugs, pornography, body-enhancement products or whatever else you see is enough. In fact quite literally if one person in a million recipients of spam makes a single purchase, then it's extremely likely that the spammer has made money.

That's why spam exists.

And that's why we have spam to thank not only for all that email, but for the earliest introduction of money into the equation.

Making Money with Malware

Malware today is primarily about someone, somewhere, making money.

Exactly how that happens differs depending on the circumstances and the type of malware we're talking about. Perhaps somewhat surprisingly it often even comes back to spam.

Here are a few examples:

  • Botnets

    A botnet is a network of thousands or hundreds of thousands of computers belonging to everyday people that have been infected with software that, as much as possible, does no damage and attempts to hide its very existence. This network of thousands of computers can then be remotely programmed on-the-fly to send out massive amounts of - you guessed it - spam.

    The reason botnets are so popular for sending spam is that the email appears to come from the IP addresses of the thousands of infected computers. When combined with "From: spoofing", the use of fake email addresses in the email's "From:" line, it makes the spam almost impossible to block based on origin.

    Botnets, once established, can be rented by individuals and organizations who want to send out spam promoting whatever it is they want to promote. Botnet owners (or "bot herders" as they're sometimes referred to) make money, and as we've seen, spam makes money.

  • Keyloggers

    Keyloggers are a form of malware that, once again, attempt to hide their existence from view. The point of a keylogger is to record the usernames and passwords of the various online accounts that a computer might be used to log into. Once that information is captured, the hacker can then access those accounts. If they happen to be email accounts the hacker then has a way to send more untraceable spam to the account holder's contacts that's also more likely to be opened by the unsuspecting recipients.

    Keyloggers can also be a source of credit card or identity theft. If the information captured is sufficient for a hacker to steal enough identifying information he can often get credit cards or loans in the victim's name, which he can then turn around and use to purchase items that can then be sold for cash. As I understand it there may also be a "secondary market" for the actual information collected so that someone else can actually perform the identity theft.

    It's worth pointing out that the term keylogger is actually inaccurate, or at least incomplete. Yes, many record only keystrokes, but many record much, much more including screen images, mouse clicks and position and other information that can make them almost impossible to bypass.

  • Link Hijackers and Toolbars

    Relatively new to the scene, link hijacking malware does exactly what the name implies: when you search for something and click on the link of the result you wish to view, the hijack intercepts that and displays instead a page of advertising of some sort. The advertising may or may not relate to what you were searching for, depending on the sophistication of the malware.

    Toolbars are also a fairly new threat, and can often do much more than just hijack a few links. Often toolbars come with a complete replacement of your browser's default search engine such that your searches are directed to their technology, or another technology from which the hacker can make money - either by displaying ads, or any purchases that you might make as a result.

    While there are many valuable and helpful toolbars, malicious ones are capable of intercepting and monkeying with just about anything you might do in the browser, including acting as a keylogger, or displaying advertising for which the toolbar author is paid.

  • Ransomware

    Ransomware has been on the rise of late, and is perhaps the most blatantly obvious use of malware to make money.

    Once infected the target computer is somehow "locked" - sometimes even going so far as to encrypt the contents of the hard disk - and a message displayed that extorts payment for the code to unlock.

    Particularly if encryption is used, alternatives are few2, and many people opt to simply make the payment, in the hope that the malware author will a) actually unlock as promised, and b) not misuse the payment information required to perform the unlock.

I'm certain I'm only skimming the surface, but you get the idea. The vast majority of malware prevalent today is all about making someone money. Typically it involves taking money from you and somehow giving it to them.

Bragging Rights Are Still At Play

Even today while most is somehow related back to making money not all malware is.

Hackers started somewhere and when they did it typically involved experimentation, seeing what works, seeing how far they can get, and learning what works and what doesn't.

And I'm sure that, among their peers, bragging rights are still very much at play.

1: From the History section of the Computer virus article on Wikipedia.

2: The simplest and easiest recovery? Revert to a backup image taken before the infection occurred. Yet another reason for making sure you have appropriate, preferably daily, image backups in place.

Article C6256 - January 19, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

January 20, 2013 1:19 AM

I think there is one other noteworthy category, namely sophisticated malware that is used to spy on organizations and governments and cause major trouble, such as Stuxnet, Flame and recently Red October. I'm not sure how widespread they are, but one of the concerns with them is that if that kind of sophisticated software ends up in the wrong hands, it could perhaps be used to make malware even more malicious.

Espionage is overrated. Smile That's not to say it doesn't exist, just that the average computer user is impacted much more by more pedestrian money-making efforts.

Ken B
January 21, 2013 11:00 AM

Or, as we tell people who tell us "I have nothing on my computer worth stealing -- I don't bank online with it, I don't buy things online, I have no personal information on it":

"Your computer's internet connection is worth stealing."

S. Buddy Harris
January 22, 2013 9:09 AM

Of what value would a daily back-up be since the hacked infection additionally is saved and activates when and if you ever open the back-up?

January 22, 2013 10:29 AM

S. Buddy Harris,
You'll also have the backups from all the days before, so at the worst you just lose a day's data.

January 22, 2013 12:27 PM

to S. Buddy Harris:
Opening a backup does not activate malware, and restoring does not require restoring all the latest files. You can restore up to a particular date

January 22, 2013 1:44 PM

Suggestion: I know this is "knit-picky", Leo, but you may want to start running a spell checker on your newsletters. This one was full of typos and omitted words.

I've talked about it before, but I run what you might call a non-standard publishing model: write, publish, edit. I'm generally pretty good, though I have my bad days, but within a couple of days a "real" editor comes along and cleans things up.

January 22, 2013 4:10 PM

Thank you for the info Leo. I don't always comment, but I always appreciate your information!

January 22, 2013 5:33 PM

Those hackers who abound around our country and others need to be summarily dispatched with no qualms and thereby get rid of them.

James Abuda
January 22, 2013 5:55 PM

and yes, just like mike said, I am also one of the persons that don't always comment, but always reading your article. I love your articles. :-).

William in Las Vegas
January 23, 2013 5:57 PM

I've asked you questions and bought you coffees accordingly..............I read your newsletters and learn alot. What's my point?? You're great, keep up the excellent work !!!

Nigel Betteridge
January 24, 2013 3:53 AM

Thank you for providing so much useful information in your newsletters. It is particularly useful being aware of the online threats.

January 24, 2013 1:27 PM

Would like to read about recent JAVA hack and what's being done about it. Keep up the good articles!! TY

January 26, 2013 5:14 PM

Just an observation. Like in any other business effort "bragging rights" equate to reputation and word of mouth self-promotion.

Perhaps that is even more critical in the shadowy world of malware generation and distribution, where open advertisement of an illicit skill-set would be counterproductive.

So while "bragging rights" may actually serve to lift a malware author up the totem pole of peer prestige, it also has to be a benefit financially to the one earning those "bragging rights".

It seems highly unlikely that the malware author who comes up with a successful system would have his code ignored by those who would want to use it for financial gain. The process of "bragging" about it would thus serve as both to boost peer prestige and a means of advertising that successful system for personal financial gain.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.