
Why Does Malware Exist?

What monetary gain do malware creators have in creating their nasty stuff? Does someone pay them to do this? Or do they just do it for the sheer enjoyment of wreaking havoc?

It used to be about enjoyment and bragging rights, and I’ll speak to that in a moment.

In recent years, however, the nature of malware has changed dramatically, and you nailed it at the start: monetary gain.

It’s all about the money — lots and lots of money.


The past: bragging rights

Malware has evolved.

The concept of viruses, or self-replicating programs, originated with early computer researchers, but was never put into play.

The first viruses were essentially pranks, or fairly benign proof that viruses could be created. Most simply displayed a message of some sort to indicate that they were present, and infected other computers through various means.

Interestingly, the first virus to be caught “in the wild” (meaning outside of the lab) was called Elk Cloner. It infected the Apple DOS operating system back in 1981. It was created by a 15-year-old as a joke.

Things went downhill from there.

As computers became more accessible and more networked, hackers found the concept of infecting computers with malware challenging (and therefore fun), and began to compete with each other. Less savory elements went so far as to create malware that was destructive, raising the stakes of the competition.

The more computers infected, the more data destroyed, the better bragging rights the hacker garnered.

Others, however, saw different potential. For that, though, we need to veer into the world of spam.

Then came spam

Spam is nothing more than unsolicited and unwanted communication, typically in the form of email.

While the term is recent, the concept predates both the internet — and even the telephone. We’re talking the telegraph here:

The first recorded instance of a mass unsolicited commercial telegram is from May 1864. Up until the Great Depression, wealthy North American residents would be deluged with nebulous investment offers.1

Even then, what was to become spam boiled down to what we see today: unsolicited advertising of questionable products.

Or not so questionable. The first computer spam might be considered an email promoting a new model of Digital Equipment Computer. A fine computer, I’m sure; a not-so-fine approach to promoting it.

Fast forward to today, where an estimated 80 to 90% of all email flying around the internet is some form of spam.

It makes money

“No one buys that crap, do they?”

I hear that a lot. Most people know they should never, ever purchase anything because of or through spam.

Unfortunately, some do, indeed, “buy that crap”.

From the spammer’s perspective, the beauty of spam is twofold:

  • It’s dirt cheap to send lots of spam — millions and millions of messages for next to nothing.
  • It only takes a few sales to pay off.

So while you know enough not to fall for spam, not everyone does. Just the few who actually purchase those drugs, pornography, body-enhancement products, or whatever else are enough. Quite literally, if one person in a million makes a single purchase, it’s extremely likely the spammer has made money.

That’s why spam exists.

And that’s why we have spam to thank, not only for all that email, but for the earliest introduction of money into the equation.

Making money with malware

Malware today is primarily about someone, somewhere, making money.

Exactly how that happens differs depending on the circumstances and type of malware we’re talking about. Perhaps surprisingly, it sometimes comes back to spam.

Here are a few examples of malware.

Botnets

A botnet is a network of thousands of computers belonging to everyday people infected with software that, as much as possible, does no damage and attempts to hide its existence.

This network of computers can then be remotely programmed on the fly to send out massive amounts of — you guessed it — spam. The reason botnets are so popular for spam is that the email appears to come from the IP addresses of the infected computers, not the spammers. When combined with “From: spoofing”, the use of fake email addresses in the email’s “From:” line, it makes spam almost impossible to block based on its origin.

Established botnets can be rented by those wanting to send spam. In this way, botnet owners (or “bot herders”, as they’re sometimes called) make money.
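One way to see “From: spoofing” from the receiving side, as an added example that is not part of the original article: the visible “From:” line is just text the sender types, while the envelope sender (Return-Path) and the relay’s IP address in the Received header are recorded by the receiving mail server. The script below uses Python’s standard `email` module on two constructed messages (the domains, addresses and IPs are made up) and flags a message whose “From:” domain does not match its envelope sender. Real mail systems check this alignment with SPF, DKIM and DMARC; the comparison here is a simplified stand-in to show what such a check looks at.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not from the article): the visible From: claims one domain,
# but the envelope sender and the relay IP tell a different story.
SPOOFED = """\
Return-Path: <bounce@cheap-pills.example>
Received: from unknown (HELO mail.example.net) (203.0.113.45)
  by mx.recipient.example with SMTP; Tue, 22 Jan 2013 10:00:00 +0000
From: "Your Bank" <alerts@bank.example>
To: victim@recipient.example
Subject: Account notice

Click here.
"""

# Constructed sample: From: and Return-Path agree.
CLEAN = """\
Return-Path: <alerts@bank.example>
Received: from mail.bank.example (198.51.100.7)
  by mx.recipient.example with SMTP; Tue, 22 Jan 2013 10:00:00 +0000
From: "Your Bank" <alerts@bank.example>
To: victim@recipient.example
Subject: Account notice

Statement ready.
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def domain_of(header_value):
    """Extract the lower-cased domain from an address header such as From:."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_from_alignment(raw_message):
    """Compare the visible From: domain with the envelope sender domain.

    Returns a dict with both domains, the relay IP taken from the first
    (most recent) Received header, and an 'aligned' flag. A False flag is
    only a hint that the From: line may be spoofed; a production filter
    would verify SPF/DKIM/DMARC rather than trust this heuristic alone.
    """
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))

    received = msg.get_all("Received") or []
    # Unfold the header continuation lines before searching for an IP.
    first_hop = " ".join(received[0].split()) if received else ""
    ip_match = IPV4.search(first_hop)

    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "relay_ip": ip_match.group(1) if ip_match else None,
        "aligned": bool(from_domain) and from_domain == envelope_domain,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, check_from_alignment(sample))
```

Blocking on the relay IP alone is what the article says botnets defeat: the IP belongs to an infected home computer, not the spammer, so it changes with every message. The header comparison above is what lets a filter look past the IP at whether the claimed sender and the actual sending path agree.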

Keyloggers

Keyloggers are a form of malware that also attempt to hide their existence. The point of a keylogger is to record the log-in credentials of the online accounts a computer’s user logs into. Once that information is captured, the hacker can access those accounts or sell those credentials to others.

Keyloggers can also be a source of credit card or identity theft. If a hacker captures enough identifying information, they can get credit cards or loans in the victim’s name, which can be used to purchase items that can then be sold for cash.

It’s worth pointing out that the term keylogger is inaccurate, or at least incomplete. Some record only keystrokes, but many record much, much more, including screen images, mouse clicks, and other information, making them almost impossible to bypass.

Link hijackers and toolbars

Not as common as it once was, link hijacking malware does exactly what the name implies: when you search for something and click on the link of the result you wish to view, the link is altered to a page of advertising (or something worse). The result may or may not even relate to what you were searching for, depending on the malware.

Malicious toolbars — also not as common as they once were — can do much more than just hijack links. They can completely replace your browser’s search engine, or even alter your browser’s behavior in some fundamental way, leading you to pages, advertisements, or even phishing scams through which they make money.

Ransomware

Ransomware is perhaps the most obvious way hackers make money. Files on the infected computer are encrypted, after which a message is displayed extorting payment for the code to decrypt them — the ransom. Alternatives are few2, and many people opt to make the payment in the hope that the malware author will unlock the data as promised.

I’m certain I’m only skimming the surface, but you get the idea. The vast majority of malware prevalent today is all about making someone money. Typically it involves taking money from you and somehow giving it to them.

Bragging rights are still at play

Not all malware is about making money, though.

Hackers started somewhere. Learning to hack involves experimentation, seeing how far they can get, and learning what works and what doesn’t.

And I’m sure that, among their peers, bragging rights are still very much at play.

Leo

Footnotes & References

1: From the History section of the Computer virus article on Wikipedia.

2: The simplest and easiest recovery? Revert to a backup image taken before the infection occurred. Yet another reason for making sure you have appropriate, preferably daily, image backups in place.

18 comments on “Why Does Malware Exist?”

  1. I think there is one other noteworthy category, namely sophisticated malware that is used to spy on organizations and governments and cause major trouble, such as Stuxnet, Flame and recently Red October. I’m not sure how widespread they are, but one of the concerns with them is that if that kind of sophisticated software ends up in the wrong hands, it could perhaps be used to make malware even more malicious.

    Espionage is overrated. That’s not to say it doesn’t exist, just that the average computer user is impacted much more by more pedestrian money-making efforts.

    Leo
    22-Jan-2013
    Reply
  2. Or, as we tell people who tell us “I have nothing on my computer worth stealing — I don’t bank online with it, I don’t buy things online, I have no personal information on it”:

    “Your computer’s internet connection is worth stealing.”

    Reply
  3. Of what value would a daily back-up be since the hacked infection additionally is saved and activates when and if you ever open the back-up?

    Reply
    • Would a backup (I have Macrium and back up) work in a hostage situation? If your image is clean, does it get around “them” demanding ransom? Or is it somehow at a deeper level?

      Reply
      • In MOST cases the backup is EXACTLY what you need to recover completely from Ransomware. Current versions of Macrium even include additional tools to protect the backup images themselves (aka “Image guardian”).

        Reply
  4. to S. Buddy Harris:
    Opening a backup does not activate malware, and restoring does not require restoring all the latest files. You can restore up to a particular date

    Reply
  5. Suggestion: I know this is “nit-picky”, Leo, but you may want to start running a spell checker on your newsletters. This one was full of typos and omitted words.

    I’ve talked about it before, but I run what you might call a non-standard publishing model: write, publish, edit. I’m generally pretty good, though I have my bad days, but within a couple of days a “real” editor comes along and cleans things up.

    Leo
    23-Jan-2013
    Reply
  6. Those hackers who abound around our country and others need to be summarily dispatched with no qualms and thereby get rid of them.

    Reply
  7. And yes, just like Mike said, I am also one of the persons who don’t always comment, but always read your articles. I love your articles. :-)

    Reply
  8. I’ve asked you questions and bought you coffees accordingly. I read your newsletters and learn a lot. What’s my point? You’re great, keep up the excellent work!

    Reply
  9. Thank you for providing so much useful information in your newsletters. It is particularly useful being aware of the online threats.

    Reply
  10. Just an observation. Like in any other business effort “bragging rights” equate to reputation and word of mouth self-promotion.

    Perhaps that is even more critical in the shadowy world of malware generation and distribution, where open advertisement of an illicit skill-set would be counterproductive.

    So while “bragging rights” may actually serve to lift a malware author up the totem pole of peer prestige, it also has to be a benefit financially to the one earning those “bragging rights”.

    It seems highly unlikely that the malware author who comes up with a successful system would have his code ignored by those who would want to use it for financial gain. The process of “bragging” about it would thus serve as both to boost peer prestige and a means of advertising that successful system for personal financial gain.

    Reply
  11. Very important is the way the IMAGE BACKUP IS SAVED.
    Some of this malware is designed to explode (become effective) after 30 days. So, it is important to keep backups of more than 30 days, perhaps 45 days or more, and have the variations (data) saved SEPARATELY and add them, IF NECESSARY, to the RESTORED version. Yet this is not 100% foolproof, as the “data” might be infected; this is why I am stating “if necessary”!

    Reply
    • I used Acronis for years, but about ten years ago it would appear some bug was written to thwart Acronis. Lost everything. Went to Macrium, and to date it has saved my bacon multiple times. Also, their tech support is second to none; they actually answer and can do a remote control of your computer (with your consent, of course) and diagnose and tweak if needed. I’m sold.

      Reply
