We’ve come a long way since the days of infected floppy disks moving between DOS computers. Malware isn’t about messing with you, joking around, or just causing damage — it’s all about profit.
To understand why all this malware is out there and why people are making it, all you have to keep in mind is the profit motive. Criminals make malware and other nasty software to make money.
If you used computers in the 90s, you remember the first mainstream computer viruses. They were often practical jokes or just proofs of concept, created to mess with your computer and cause damage by people with too much time on their hands. Getting infected by a piece of malware meant that your desktop might be taken over by a pop-up proudly proclaiming that you’ve been infected. Your computer’s performance might deteriorate as a worm tried to send as many copies of itself out onto the Internet as possible. A particularly vicious piece of malware might try to delete everything from your hard drive and make your computer unbootable until you reinstalled Windows.
For example, the Happy99 worm, considered the first virus to spread itself via email, existed only to spread itself. It emailed itself to other computers, caused errors on your computer while doing so, and displayed a “Happy New Year 1999 !!” window with fireworks. This worm didn’t do anything beyond spreading itself.
Keyloggers and Trojans
Malware creators are almost purely motivated by profit these days. Malware doesn’t want to inform you that you’ve been compromised, degrade your system performance, or damage your system. Why would a piece of malware want to destroy your software and force you to reinstall Windows? That would only be inconveniencing you and the malware’s creator would have one less infected computer.
Instead, the malware wants to infect your system and hide quietly in the background. Often, malware will function as a keylogger and intercept your credit card numbers, online banking passwords, and other sensitive personal data when you type it into your computer. The malware will send this data back to its creator. The malware’s creator may not even use these stolen credit card numbers and other personal information. Instead, they may sell it cheaply on a virtual black market to someone else who will take the risk of using the stolen data.
Malware may also function as a Trojan, connecting to a remote server and waiting for instructions. The Trojan will then download whatever other malware the creator wants it to. This allows the malware’s creator to keep using those infected computers for other purposes and update them with new versions of malware.
Botnets and Ransomware
Many types of malware also create a “botnet.” In effect, the malware turns your computer into a remotely-controlled “bot” that joins with other bots in a large network. The malware’s creator can then use this botnet for whatever purpose it likes — or, more likely, the botnet’s creator may rent access to the botnet to other criminal enterprises. For example, a botnet could be used to perform a distributed denial-of-service (DDoS) attack on a website, bombarding it with traffic from a huge number of computers and causing the servers to become unresponsive under the load. Someone could pay for access to a botnet to perform a DDoS attack, perhaps on a competitor’s website.
A botnet could also be used to load web pages in the background and click on advertising links on a huge number of different PCs. Many websites make money each time a page loads or an advertising link is clicked, so these page loads and advertising link clicks — designed to look like real traffic from many different computers — can make the website money. This is known as “click fraud.”
Ransomware like CryptoLocker is an example of this trend taken to its logical extreme. When it infects you, CryptoLocker will encrypt the personal files it finds on your computer with a secret encryption key and delete the originals. It will then pop up a polite, professional wizard asking you to spend money to get your files back. If you don’t pay, you’ll lose your files — but, don’t worry, they’ll accept several different methods of payment to make it convenient for you. You apparently will get your files back when you pay them — of course, because otherwise word would spread and no one would pay them. Performing regular backups can defeat CryptoLocker and we don’t recommend paying criminals their ransom, but this is a clear example of malware being for-profit. They want to cause just enough trouble for you that you’ll pay up to get them to go away.
Phishing and Social Engineering Attacks
Online threats aren’t just about malware, either. Phishing and other social-engineering attacks are now also a huge threat. For example, you might get an email claiming to be from your bank that might take you to an imposter website designed to look like your bank’s. If you enter your banking information, the attacker will be able to gain access to your bank account on your bank’s website.
These attacks are profit-driven in the same way malware is. The attacker isn’t performing a phishing attack just to mess with you — they’re doing it to gain access to your sensitive financial information so they can make a profit.
This lens can also help you understand other obnoxious types of software, like adware that displays advertisements on your computer and spyware that spies on your browsing information and sends it over the Internet. These obnoxious types of software are made for the same reason — profit. Their creators make money by serving you advertisements and tailoring them to you.