In a word: money.
It used to be about enjoyment and bragging rights, and I’ll speak to that in a moment.
In recent years, however, the nature of malware has changed dramatically, and you nailed it at the start: monetary gain.
It’s all about the money — lots and lots of money.
Become a Patron of Ask Leo! and go ad-free!
Malware
It used to be about bragging rights, but these days most malware is an attempt to make money. Examples include:
- malware installing hidden bots to send spam, making money for the spammer
- malware monitoring your keystrokes to gain access to your bank accounts
- malware encrypting your files then holding them for ransom
Regardless of the specifics, it generally all comes back to money.
The past: bragging rights
Malware has evolved.
The concept of viruses, or self-replicating programs, originated with early computer researchers but was never put into play.
The first viruses were essentially pranks or fairly benign proof that viruses could be created. Most simply displayed a message of some sort to indicate that they were present, and infected other computers through various means.
Interestingly, the first virus to be caught “in the wild” (meaning outside of the lab) was called Elk Cloner. It infected the Apple DOS operating system back in 1981. It was created by a 15-year-old as a joke.
Things went downhill from there.
As computers became more accessible and more networked hackers found the concept of infecting computers with malware challenging (and therefore fun), and began to compete with each other. Less savory elements went so far as to create malware that was destructive, raising the stakes of the competition.
The more computers infected, the more data destroyed, the better bragging rights the hacker garnered.
Others, however, saw different potential. For that, though, we need to veer into the world of spam.
Then came spam
Spam is nothing more than unsolicited and unwanted communication, typically in the form of email.
While the term is recent, the concept predates both the internet — and even the telephone. We’re talking the telegraph here:
The first recorded instance of a mass unsolicited commercial telegram is from May 1864. Up until the Great Depression, wealthy North American residents would be deluged with nebulous investment offers.1
Even then, what was to become spam boiled down to what we see today: unsolicited advertising of questionable products.
Or not so questionable. The first computer spam might be considered an email promoting a new model of Digital Equipment Computer. A fine computer, I’m sure; a not-so-fine approach to promoting it.
Fast forward to today, where an estimated 80 to 90% of all email flying around the internet is some form of spam.
It makes money
“No one buys that crap, do they?”
I hear that a lot. Most people know they should never, ever purchase anything because of or through spam.
Unfortunately, some do, indeed, “buy that crap”.
From the spammer’s perspective, the beauty of spam is twofold:
- It’s dirt cheap to send lots of spam — millions and millions of messages for next to nothing.
- It only takes a few sales to pay off.
So while you know enough not to fall for spam, not everyone does. Just the few who actually purchase those drugs, pornography, body-enhancement products, or whatever else is enough. Quite literally, if one person in a million makes a single purchase, it’s extremely likely the spammer has made money.
That’s why spam exists.
And that’s why we have spam to thank, not only for all that email, but for the earliest introduction of money into the equation.
Making money with malware
Malware today is primarily about someone, somewhere, making money.
Exactly how that happens differs depending on the circumstances and type of malware we’re talking about. Perhaps surprisingly, it sometimes comes back to spam.
Here are a few examples of malware.
Botnets
A botnet is a network of thousands of computers belonging to everyday people infected with software that, as much as possible, does no damage and attempts to hide its existence.
This network of computers can then be remotely programmed on the fly to send out massive amounts of — you guessed it — spam. The reason botnets are so popular for spam is that the email appears to come from the IP addresses of the infected computers, not the spammers. When combined with “From: spoofing“, the use of fake email addresses in the email’s “From:” line, it makes spam almost impossible to block based on its origin.
Established botnets can be rented by those wanting to send spam. In this way, botnet owners (or “bot herders”, as they’re sometimes called) make money.
Keyloggers
Keyloggers are a form of malware that also attempt to hide their existence. The point of a keylogger is to record the log-in credentials of the online accounts a computer’s user logs into. Once that information is captured, the hacker can access those accounts or sell those credentials to others.
Keyloggers can also be a source of credit card or identity theft. If a hacker captures enough identifying information, they can get credit cards or loans in the victim’s name, which can be used to purchase items that can then be sold for cash.
It’s worth pointing out that the term keylogger is inaccurate, or at least incomplete. Some record only keystrokes, but many record much, much more, including screen images, mouse clicks, and other information, making them almost impossible to bypass.
Link hijackers and toolbars
Not as common as it once was, link hijacking malware does exactly what the name implies: when you search for something and click on the link of the result you wish to view, the link is altered to a page of advertising (or something worse). The result may or may not even relate to what you were searching for, depending on the malware.
Malicious toolbars — also not as common as they once were — can do much more than just hijack links. They can completely replace your browser’s search engine, or even alter your browser’s behavior in some fundamental way, leading you to pages, advertisements, or even phishing scams through which they make money.
Ransomware
Ransomware is perhaps the most obvious way hackers make money. Files on the infected computer are encrypted, after which a message is displayed extorting payment for the code to decrypt them — the ransom. Alternatives are few2, and many people opt to make the payment in the hope that the malware author will unlock the data as promised.
I’m certain I’m only skimming the surface, but you get the idea. The vast majority of malware prevalent today is all about making someone money. Typically it involves taking money from you and somehow giving it to them.
Bragging rights are still at play
Not all malware is about making money, though.
Hackers started somewhere. Learning to hack involves experimentation, seeing how far they can get, and learning what works and what doesn’t.
And I’m sure that, among their peers, bragging rights are still very much at play.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Footnotes & References
1: From the History section of the Computer virus article on Wikipedia.
I think there is one other noteworthy category, namely sophisticated malware that is used to spy on organizations and governments and cause major trouble, such as Stuxnet, Flame and recently Red October. I’m not sure how widespread they are, but one of the concerns with them is that if that kind of sophisticated software ends up in the wrong hands, it could perhaps be used to make malware even more malicious.
22-Jan-2013
Or, as we tell people who tell us “I have nothing on my computer worth stealing — I don’t bank online with it, I don’t buy things online, I have no personal information on it”:
“Your computer’s internet connection is worth stealing.”
Of what value would a daily back-up be since the hacked infection additionally is saved and activates when and if you ever open the back-up?
S. Buddy Harris,
You’ll also have the backups from all the days before, so at the worst you just lose a day’s data.
Would a back up (I have Macrium and back up) work in a hostage situation? If your image is clean does it get around “them” demanding ransom? Or is it at somehow at a deeper level?
In MOST cases the backup is EXACTLY what you need to recover completely from Ransomware. Current versions of Macrium even include additional tools to protect the backup images themselves (aka “Image guardian”).
to S. Buddy Harris:
Opening a backup does not activate malware, and restoring does not require restoring all the latest files. You can restore up to a particular date
Suggestion: I know this is “knit-picky”, Leo, but you may want to start running a spell checker on your newsletters. This one was full of typos and omitted words.
23-Jan-2013
Thank you for the info Leo. I don’t always comment, but I always appreciate your information!
Those hackers who abound around our country and others need to be summarily dispatched with no qualms and thereby get rid of them.
I agree. They need to be hung in public with video coverage. This should stop most would-be spammers.
and yes, just like mike said, I am also one of the persons that don’t always comment, but always reading your article. I love your articles. :-).
I’ve asked you questions and bought you coffees accordingly…………..I read your newsletters and learn alot. What’s my point?? You’re great, keep up the excellent work !!!
Thank you for providing so much useful information in your newsletters. It is particularly useful being aware of the online threats.
Would like to read about recent JAVA hack and what’s being done about it. Keep up the good articles!! TY
Rick
Just an observation. Like in any other business effort “bragging rights” equate to reputation and word of mouth self-promotion.
Perhaps that is even more critical in the shadowy world of malware generation and distribution, where open advertisement of an illicit skill-set would be counterproductive.
So while “bragging rights” may actually serve to lift a malware author up the totem pole of peer prestige, it also has to be a benefit financially to the one earning those “bragging rights”.
It seems highly unlikely that the malware author who comes up with a successful system would have his code ignored by those who would want to use it for financial gain. The process of “bragging” about it would thus serve as both to boost peer prestige and a means of advertising that successful system for personal financial gain.
Very Important is the way IMAGE BACKUP IS SAVED…
Some of these Malware are designed to explode (becomes effective) after 30 days..So, it is important to keep Backups of more than 30 days, perhaps 45 days or more and have the variations (Data) saved SEPARATELY and added it, IF NECESSARY, to the RESTORED version. Yet this is not 100% foolproof as the “Data” might be infected, this is why i am stating “If necessary”!
I used Acronis for years, but about ten years ago it would appear some bug was written to thwart Acronis. Lost everything. Went to Macrium and to date has saved my bacon multiple times. Also, their tech support is second to none, they actually answer and can do a remote control of your computer (with your consent of course) and diagnose and tweak if needed. I’m sold.