Helping people with computers... one answer at a time.
Viruses used to be mostly just techie/nerdy accomplishments, but of late viruses have become a booming business due to spam.
Why do people make these viruses and worms? How do they get distributed so widely? Are people forwarding them? Is there some database of emails that malicious people have? What do they gain by sending worms and viruses?
"Why" has actually changed over the years. It turns out that viruses have become a big business. Yes, there are people making money writing and distributing viruses. How is that possible, you ask?
Why do people make these viruses and worms? What do they gain by sending worms and viruses?
Originally viruses were mostly the product of individuals who just wanted to cause trouble, make a name for themselves by breaking things, or who were trying to get some kind of revenge against someone else. They did it for "fun", for recognition among their peers, or "just because".
While those folks are still out there I don't believe that they represent the majority of virus sources any longer. We're now seeing the "professional" virus writer emerge.
Here's how that works:
Someone creates a virus that does two things: propagates itself (more on that in a second) and installs well-hidden remote-control software on the machines it infects. A "zombie" machine or "bot machine" has just been created that can be controlled by the virus writer.
Once enough zombies are created the virus-writer has an army of machines at his command - often referred to a botnet or zombie army. The virus writer is now a "bot herder" as he is able to control or "herd" that network of machines.
He then sells the "services" of his network of zombies. Typically to spammers.
The zombie network then starts sending out massive amounts of spam.
The spammers make money because just enough people actually buy the stuff that spam is selling.
The anti-virus companies eventually identify and block the virus that started all this.
The virus writer writes a new virus, and the process starts all over again.
How do they get distributed so widely?
For example, if you've recently been notified that you've received some kind of electronic greeting card from a friend; particularly if you've gotten lots of notifications and you're getting cards from "a friend", "a mate", "a classmate" and so on, then your seeing one of the a current viruses try to propagate.
The infected machines using their spam-sending abilities to send out copies of themselves via email. And enough people are still unprotected and fall for the fake email that hundreds of thousands, if not millions of machine get infected.
Are people forwarding them?
Not intentionally, no. But if your machine is infected with one of these viruses then your machine may very well be sending out massive amounts of spam without your knowledge or direct participation.
Needless to say, that's a very strong argument for making sure you're keeping your computer safe on the internet.
Is there some database of emails that malicious people have?
In fact there are probably thousands of such databases. And like me, your email address is probably in some, if not most of them.
These databases are generated several ways.
The most common includes looking for anything that appears to be an email address on web pages, news groups and other public forums. That's one reason I so strongly recommend you never post your email address in a comment on a blog, for example. (NOTE: that submitting it when requested or required may not be a problem - what's important is that it not show up when the comment is published.)
Another that's less common as email programs have gotten smarter are viruses that extract the email addresses from the address books on infected machines.
But there doesn't even have to be a database involved. A lot of spam is sent to email addresses that don't exist because the spammers just try lots of common email names combined with known domains on the internet. Enough happen to be real addresses that the failure of the rest just doesn't matter.