In a word: money.
It used to be about enjoyment and bragging rights, and I’ll speak to that in a moment.
In recent years, however, the nature of malware has changed dramatically, and you nailed it at the start: monetary gain.
It’s all about the money — lots and lots of money.
It used to be about bragging rights, but these days most malware is an attempt to make money. Examples include:
- malware installing hidden bots to send spam, making money for the spammer
- malware monitoring your keystrokes to gain access to your bank accounts
- malware encrypting your files then holding them for ransom
Regardless of the specifics, it generally all comes back to money.
The past: bragging rights
Malware has evolved.
The concept of viruses, or self-replicating programs, originated with early computer researchers but was never put into play.
The first viruses were essentially pranks or fairly benign proof that viruses could be created. Most simply displayed a message of some sort to indicate that they were present, and infected other computers through various means.
Interestingly, the first virus to be caught “in the wild” (meaning outside of the lab) was called Elk Cloner. It infected the Apple DOS operating system back in 1981. It was created by a 15-year-old as a joke.
Things went downhill from there.
As computers became more accessible and more networked, hackers found the concept of infecting computers with malware challenging (and therefore fun), and began to compete with each other. Less savory elements went so far as to create malware that was destructive, raising the stakes of the competition.
The more computers infected, the more data destroyed, the better bragging rights the hacker garnered.
Others, however, saw different potential. For that, though, we need to veer into the world of spam.
Then came spam
Spam is nothing more than unsolicited and unwanted communication, typically in the form of email.
While the term is recent, the concept predates not only the internet but even the telephone. We’re talking the telegraph here:
The first recorded instance of a mass unsolicited commercial telegram is from May 1864. Up until the Great Depression, wealthy North American residents would be deluged with nebulous investment offers.[1]
Even then, what was to become spam boiled down to what we see today: unsolicited advertising of questionable products.
Or not so questionable. The first computer spam might be considered an email promoting a new model of Digital Equipment Computer. A fine computer, I’m sure; a not-so-fine approach to promoting it.
Fast forward to today, where an estimated 80 to 90% of all email flying around the internet is some form of spam.
It makes money
“No one buys that crap, do they?”
I hear that a lot. Most people know they should never, ever purchase anything because of or through spam.
Unfortunately, some do, indeed, “buy that crap”.
From the spammer’s perspective, the beauty of spam is twofold:
- It’s dirt cheap to send lots of spam — millions and millions of messages for next to nothing.
- It only takes a few sales to pay off.
So while you know enough not to fall for spam, not everyone does. Just the few who actually purchase those drugs, pornography, body-enhancement products, or whatever else are enough. Quite literally, if one person in a million makes a single purchase, it’s extremely likely the spammer has made money.
That’s why spam exists.
And that’s why we have spam to thank, not only for all that email, but for the earliest introduction of money into the equation.
Making money with malware
Malware today is primarily about someone, somewhere, making money.
Exactly how that happens differs depending on the circumstances and type of malware we’re talking about. Perhaps surprisingly, it sometimes comes back to spam.
Here are a few examples of malware.
A botnet is a network of thousands of computers belonging to everyday people infected with software that, as much as possible, does no damage and attempts to hide its existence.
This network of computers can then be remotely programmed on the fly to send out massive amounts of — you guessed it — spam. The reason botnets are so popular for spam is that the email appears to come from the IP addresses of the infected computers, not the spammer’s. When combined with “From: spoofing”, the use of fake email addresses in the email’s “From:” line, it makes spam almost impossible to block based on its origin.
Established botnets can be rented by those wanting to send spam. In this way, botnet owners (or “bot herders”, as they’re sometimes called) make money.
Keyloggers are a form of malware that also attempt to hide their existence. The point of a keylogger is to record the log-in credentials of the online accounts a computer’s user logs into. Once that information is captured, the hacker can access those accounts or sell those credentials to others.
Keyloggers can also be a source of credit card or identity theft. If a hacker captures enough identifying information, they can get credit cards or loans in the victim’s name, which can be used to purchase items that can then be sold for cash.
It’s worth pointing out that the term keylogger is inaccurate, or at least incomplete. Some record only keystrokes, but many record much, much more, including screen images, mouse clicks, and other information, making them almost impossible to bypass.
Link hijackers and toolbars
Not as common as it once was, link hijacking malware does exactly what the name implies: when you search for something and click on the link of the result you wish to view, the link is altered to a page of advertising (or something worse). The result may or may not even relate to what you were searching for, depending on the malware.
Malicious toolbars — also not as common as they once were — can do much more than just hijack links. They can completely replace your browser’s search engine, or even alter your browser’s behavior in some fundamental way, leading you to pages, advertisements, or even phishing scams through which they make money.
Ransomware is perhaps the most obvious way hackers make money. Files on the infected computer are encrypted, after which a message is displayed extorting payment for the code to decrypt them — the ransom. Alternatives are few[2], and many people opt to make the payment in the hope that the malware author will unlock the data as promised.
I’m certain I’m only skimming the surface, but you get the idea. The vast majority of malware prevalent today is all about making someone money. Typically it involves taking money from you and somehow giving it to them.
Bragging rights are still at play
Not all malware is about making money, though.
Hackers started somewhere. Learning to hack involves experimentation, seeing how far they can get, and learning what works and what doesn’t.
And I’m sure that, among their peers, bragging rights are still very much at play.