Who is Making All This Malware – and Why?

March 3, 2014
The Evolution of Malware and its Underlying Motivations

The landscape of malicious software has dramatically shifted from the era of compromised floppy disks exchanged between DOS-based systems. Modern malware is rarely created for frivolous purposes like pranks or simple destruction.

Instead, the driving force behind the proliferation of malware is overwhelmingly financial gain. Understanding this core principle is key to grasping the reasons for its existence and continued development.

The Profit-Driven Nature of Cybercrime

The creation and distribution of malware, along with other forms of harmful software, are fundamentally motivated by the pursuit of profit by criminal entities. These individuals and groups seek to monetize their malicious activities.

It’s crucial to recognize that the development of malicious software isn’t about causing chaos; it’s a business model for cybercriminals.

  • Criminals develop malware to generate revenue.
  • The primary goal is financial exploitation.
  • Understanding this motive is essential for cybersecurity awareness.

The focus has shifted from simply disrupting systems to exploiting vulnerabilities for financial benefit. This includes activities like data theft, ransomware attacks, and fraudulent schemes.

Early Malware

Those who used computers during the 1990s likely recall the first widespread computer viruses. These were frequently written by individuals with ample free time, as pranks or demonstrations of technical skill, and were intended to disrupt computer functionality and inflict damage.

Infection with malware often manifested as a pop-up message asserting that your system had been compromised, or a noticeable decline in performance as a worm attempted to propagate itself across the internet.

More aggressive malware could even attempt to erase all data from your hard drive, rendering your computer unusable without a complete Windows reinstallation.

Initial Virus Characteristics

The Happy99 worm, recognized as the first virus to disseminate through email, served solely to replicate itself. It functioned by sending copies to other computers.

This process resulted in errors on the infected system and displayed a "Happy New Year 1999 !!" message accompanied by a fireworks animation. Notably, the worm’s functionality was limited to self-propagation.

Keyloggers and Trojans

The primary driving force behind malware development today is financial gain. Modern malware is not designed to simply announce its presence, hinder system operation, or cause damage. The objective isn't to disrupt your software or necessitate a Windows reinstallation.

Such actions would only inconvenience the user and diminish the number of compromised machines available to the malware author.

Keyloggers and Trojans represent common methods employed by malicious actors. Instead of overt disruption, malware aims for stealthy infiltration and prolonged, undetected operation.

A keylogger, for instance, silently monitors your keystrokes, capturing sensitive information like credit card details and online banking credentials as you input them. This intercepted data is then transmitted back to the malware's originator.

Interestingly, the creator of the malware may not directly exploit this stolen information. They frequently opt to sell it at a reduced price on illicit online marketplaces to individuals willing to assume the risk of fraudulent activity.

Alternatively, malware can operate as a Trojan, establishing a connection to a remote server and awaiting commands. Upon receiving instructions, the Trojan downloads additional malicious software specified by the attacker.

This capability allows malware authors to maintain control over infected systems, repurpose them for various malicious activities, and deploy updated malware versions.

Botnets and Ransomware

Numerous forms of malware also establish what is known as a "botnet." Essentially, this involves the malware converting your computer into a remotely operated "bot," which then integrates into a substantial network alongside other bots.

The originator of the malware can subsequently utilize this botnet for various objectives, or, more commonly, lease access to it to other criminal organizations. A typical application of a botnet is launching a distributed denial-of-service (DDoS) attack against a website.

This attack overwhelms the target with traffic originating from a vast number of computers, rendering the servers unresponsive. Individuals may pay for botnet access to execute DDoS attacks, potentially targeting a competitor’s online presence.

Furthermore, botnets can be employed to silently load web pages and activate advertising links on a multitude of devices. Websites generate revenue with each page load or ad click.

Consequently, these artificially generated page views and clicks—designed to mimic legitimate user activity—can be monetized. This practice is referred to as "click fraud."

Ransomware, such as CryptoLocker, represents a particularly severe manifestation of this trend. Upon infection, CryptoLocker encrypts personal files using a unique encryption key and then deletes the original versions.

A user-friendly wizard then appears, requesting payment in exchange for file decryption. Failure to comply results in permanent data loss. Multiple payment options are offered for convenience.

While paying the ransom may restore access to your files – as the perpetrators rely on this to maintain their operation – it is generally advised against. Regular data backups are a more effective defense against CryptoLocker.

This exemplifies malware as a for-profit venture, aiming to inflict sufficient disruption to compel payment for resolution.

Understanding Phishing and Social Engineering Attacks

The landscape of online security extends beyond the realm of malicious software. Phishing and various social engineering tactics represent a significant and growing danger to internet users.

A common example involves deceptive emails that appear to originate from legitimate sources, such as financial institutions. These emails often redirect recipients to fraudulent websites meticulously crafted to mimic the authentic appearance of their bank.

Should a user inadvertently submit their credentials on such a site, the attacker gains unauthorized access to their banking account.

The motivation behind these attacks mirrors that of malware distribution – financial gain. Perpetrators do not engage in phishing simply to cause disruption; their primary objective is to acquire sensitive financial data for illicit profit.

The Profit Motive Behind Malicious Activities

It's important to recognize the underlying economic drivers of these threats. The creation of unwanted software, like adware and spyware, is also fundamentally rooted in profit.

Adware generates revenue by displaying advertisements on a user’s computer, while spyware secretly monitors browsing activity and transmits this information over the internet.

The developers of these programs profit through targeted advertising and the sale of collected user data.

Image Credit: Sean MacEntee on Flickr, Happy99 worm from Wikimedia Commons, Szilard Mihaly on Flickr