Malware has come a long, long way since its origination as a benign joke or proof-of-concept. Today, most malware boils down to someone, somewhere, making money.
What monetary gain do malware creators have in creating their nasty stuff? Does someone pay them to do this? Or do they just do it for the sheer enjoyment of wreaking havoc?
It used to be about enjoyment and bragging rights, and I'll speak to that in a moment.
In recent years, however, the nature of malware has changed dramatically, and you've nailed it at the start:
It's all about the money. Lots and lots of money.
Malware has evolved.
The concept of viruses or self-replicating programs actually originated with early computer researchers, but was never put into play.
The first actual viruses were, essentially, pranks or fairly benign proof that viruses could be created. Most simply displayed a message of some sort to indicate that they were present, while infecting other computers through various means.
Interestingly, the first virus to be caught "in the wild" (publicly accessible computers and networks) was called Elk Cloner. It infected the Apple DOS operating system and dates back to 1981. It was created by a 15-year-old, as a joke.
Things went downhill from there.
As computers became more and more accessible, and networked, hackers of various flavors found the concept of infecting computers with malware challenging, and even began to compete with each other. Less savory elements went so far as to create malware that was destructive, simultaneously raising the stakes of the competition.
The more computers infected, the more data destroyed, the more bragging rights the hacker garnered.
Others, however, saw a different potential. For that, though, we need to veer into the world of spam.
Spam is nothing more than unsolicited and unwanted communication, typically in the form of email.
However, while the term is recent, the concept predates both the internet and even the telephone. Nope, we're talking the telegraph here:
The first recorded instance of a mass unsolicited commercial telegram is from May 1864. Up until the Great Depression, wealthy North American residents would be deluged with nebulous investment offers.[1]
Even then what was to become spam boiled down to what we see today: unsolicited advertising of questionable products.
Or, not so questionable. The first computer spam might be considered an email promoting a new model of Digital Equipment Computer. A fine computer, I'm sure. A not-so-fine approach to promoting it.
Fast forward to today, where an estimated 80 to 90 percent of all email flying around the internet is some form of spam.
"No one buys that crap, do they?"
I hear that a lot. Most people know that they should never, ever purchase anything because of, or through, spam that they've received.
Unfortunately some do, indeed, "buy that crap".
The beauty of spam, at least from the spammer's perspective, is twofold:
It's dirt cheap to send lots of spam; millions and millions of messages for next to nothing, for example.
It only takes a few sales to make it worthwhile.
So while you know enough not to fall for spam, not everyone does. Just a few who actually purchase those drugs, pornography, body-enhancement products or whatever else you see is enough. In fact, quite literally, if one person in a million recipients of spam makes a single purchase, then it's extremely likely that the spammer has made money.
That's why spam exists.
And that's why we have spam to thank not only for all that email, but for the earliest introduction of money into the equation.
Malware today is primarily about someone, somewhere, making money.
Exactly how that happens differs depending on the circumstances and the type of malware we're talking about. Perhaps somewhat surprisingly it often even comes back to spam.
Here are a few examples:
A botnet is a network of thousands or hundreds of thousands of computers belonging to everyday people that have been infected with software that, as much as possible, does no damage and attempts to hide its very existence. This network of thousands of computers can then be remotely programmed on-the-fly to send out massive amounts of - you guessed it - spam.
The reason botnets are so popular for sending spam is that the email appears to come from the IP addresses of the thousands of infected computers. When combined with "From: spoofing", the use of fake email addresses in the email's "From:" line, it makes the spam almost impossible to block based on origin.
Botnets, once established, can be rented by individuals and organizations who want to send out spam promoting whatever it is they want to promote. Botnet owners (or "bot herders" as they're sometimes referred to) make money, and as we've seen, spam makes money.
Keyloggers are a form of malware that, once again, attempts to hide its existence from view. The point of a keylogger is to record the usernames and passwords of the various online accounts that a computer might be used to log into. Once that information is captured, the hacker can then access those accounts. If they happen to be email accounts, the hacker then has a way to send more untraceable spam to the account holder's contacts, spam that's also more likely to be opened by the unsuspecting recipients.
Keyloggers can also be a source of credit card or identity theft. If the information captured is sufficient for a hacker to steal enough identifying information he can often get credit cards or loans in the victim's name, which he can then turn around and use to purchase items that can then be sold for cash. As I understand it there may also be a "secondary market" for the actual information collected so that someone else can actually perform the identity theft.
It's worth pointing out that the term keylogger is actually inaccurate, or at least incomplete. Yes, many record only keystrokes, but many record much, much more including screen images, mouse clicks and position and other information that can make them almost impossible to bypass.
Link Hijackers and Toolbars
Relatively new to the scene, link hijacking malware does exactly what the name implies: when you search for something and click on the link of the result you wish to view, the hijack intercepts that and displays instead a page of advertising of some sort. The advertising may or may not relate to what you were searching for, depending on the sophistication of the malware.
Toolbars are also a fairly new threat, and can often do much more than just hijack a few links. Often toolbars come with a complete replacement of your browser's default search engine such that your searches are directed to their technology, or another technology from which the hacker can make money - either by displaying ads, or any purchases that you might make as a result.
While there are many valuable and helpful toolbars, malicious ones are capable of intercepting and monkeying with just about anything you might do in the browser, including acting as a keylogger, or displaying advertising for which the toolbar author is paid.
Ransomware has been on the rise of late, and is perhaps the most blatantly obvious use of malware to make money.
Once infected the target computer is somehow "locked" - sometimes even going so far as to encrypt the contents of the hard disk - and a message displayed that extorts payment for the code to unlock.
Particularly if encryption is used, alternatives are few[2], and many people opt to simply make the payment, in the hope that the malware author will a) actually unlock as promised, and b) not misuse the payment information required to perform the unlock.
I'm certain I'm only skimming the surface, but you get the idea. The vast majority of malware prevalent today is all about making someone money. Typically it involves taking money from you and somehow giving it to them.
Even today, while most is somehow related back to making money, not all malware is.
Hackers started somewhere, and when they did, it typically involved experimentation: seeing what works, seeing how far they can get, and learning what works and what doesn't.
And I'm sure that, among their peers, bragging rights are still very much at play.
1: From the History section of the Computer virus article on Wikipedia.
2: The simplest and easiest recovery? Revert to a backup image taken before the infection occurred. Yet another reason for making sure you have appropriate, preferably daily, image backups in place.