Why Does Malware Exist?
Computer viruses are everywhere. Spam is abounding. Computer intrusions, identity theft, denial of service attacks and other cybercrimes are commonplace. Who does this stuff, and what’s wrong with them? Let's take a look at what motivates the miscreants who menace millions on the Internet...
Hackers, Spammers and Cybercriminals
Have you ever wondered why there's so much spam, so many computer viruses, rampant identity theft, and other perils of using the Internet? Perhaps it boils down to the ancient philosophical question, “Why is there evil in the world?”
Greed is the most common motivation for cybercrimes, as it is in the real world. There are big bucks to be made in malware that steals credit card, bank account, and identity details, corporate secrets, and other valuable data. The gullible will readily give money in exchange for counterfeit goods or just the false promise of goods. Some people will pay good money to have business competitors beaten up online. Most of the online damage is done for money.
Hatred is another ugly motivator. Often, it is disguised as heroism, a noble fight against a perceived evil enemy, which may be an individual, organization, corporation or government. But it’s hatred, none the less. Examples of this include those who maliciously deface the websites of organizations with whom they disagree. Or it could be a group like Anonymous or LulzSec that perpetrate denial of service attacks against their philosophical enemies.
Egotism is a third motivation. The desire to show the world how good your skills are, to do what others have failed to do, to make yourself look smart by making others look stupid, are all very satisfying to insecure egos. Some hacking groups have done this by breaking into websites, stealing embarrassing or confidential information, and publishing it online.
Grab That Cash With Both Hands and Make a Stash...
How do cybercrooks make money? The answer has changed over time. But mostly, it’s All About the Money. (Hat tips to Pink Floyd and Travis Tritt.)
Sanford Wallace was the original self-styled “Spam King.” In the 1990's, he had an ostensibly legitimate advertising business, sending out millions of unsolicited emails that advertise products or services for sale. He got paid a pittance for each email he sent, and a commission for each sale consummated in response to an email. According to “Spamford,” he made millions of dollars providing a perfectly legal service to merchants and consumers.
But eventually, spam stopped paying so well. Spam filters improved, and consumers became more wary of unsolicited offers. Spammers increasingly switched from selling things in annoying but legitimate ways to deliberately trying to defraud people.
Most modern spam intends to sell your identity, not to sell you a product. That cheap product may not even exist; all that matters is that you complete the order form with your name, address, and credit card or bank account data. This data is sold to others who take the risk of making bogus charges and cash withdrawals.
Many millions of people fall for such ID theft, depressing the market value of an individual’s information. Spammers, or phishers as most of them are these days, have to do very high volumes of mailings to make any serious money. So they turn to malware in order to get others to work for them for free.
Botnets, Scammers and Hackers
Botnets are networks of computers that have been enslaved by hidden malware. The botnet malware uses a slave computer to make more mailings and distribute copies of itself, all unbeknown to the computer’s owner. A botnet is controlled and directed from a central server, which receives the stolen identity information. A few highly successful botnets have enslaved millions of computers worldwide. See my related article BOTNET ALERT: Are You Vulnerable? http://askbobrankin.com/botnet_alert_are_you_vulnerable.html to learn more about botnets, and some encouraging news about the takedowns of some of the biggest offenders.
Then there are the low-volume, high-value cybercrooks. They include so-called Nigerian "419 scammers" who find affluent and gullible victims to milk for thousands of dollars. I wrote about the 419 Scam http://askbobrankin.com/nigerian_scammers.html back in 2006, and it's still going strong today. They also include online bank robbers who hack into financial institutions and steal millions at once, often just skimming a few unnoticed cents off of each customer’s account. One of the boldest cases involved the theft of over $45 million in 27 countries over the course of a few hours.
In that case, hackers broke into the networks of several banks and swiped PINs associated with the banks’ own accounts, not those of customers. Debit cards were forged that could use the stolen PINs to withdraw cash from ATMs. Hundreds of co-conspirators drained ATMs dry at approximately the same time, delivering the ringleaders’ share of the cash to their bosses and pocketing their wages. Only seven New Yorkers have been arrested in that case so far.
Cybercrime and (occasionally) Punishment
Relatively few online crooks are caught and punished. It’s very difficult to investigate and prove such crimes because the criminal activity is hard to trace and often spans international borders. The few successful prosecutions we read about tend to be very large cases that are worth the trouble and expense to prosecutors. One recent arrest involved the alleged ringleader of the LulzSec hacking organization. http://mashable.com/2013/04/24/lulzsec-arrested-australia/
"Spamford" Wallace now faces the prospect of jail time and fines of several hundred million dollars. Oleg Nikolaenko is a 25 year-old Russian “spam king” who allegedly ran a botnet that churned out over 10 billion spam emails every day, an estimated one-third of all spam in the world. He is currently awaiting trial in a Wisconsin jail on charges of violating the U.S. CAN-SPAM Act. A few other spammers have been convicted, but thousands more remain in business.
There is no end in sight to the war on cybercrime, and sadly, most goes unpunished. The best that you can do is try to avoid becoming a victim. Keep your malware and anti-spam defenses up. Be wary of phishing attempts. Monitor your credit and bank accounts for unauthorized transactions. Look for more computer security information on on this website, or check out my ebook "Everything You Need to Know About INTERNET SECURITY and PRIVACY".
Your thoughts on this topic are welcome! Post your comment or question below...
This article was posted by Bob Rankin on 17 May 2013
|For Fun: Buy Bob a Snickers.|
Best Browser for Malware Protection?
The Top Twenty
Send Money With Gmail
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Why Does Malware Exist? (Posted: 17 May 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved