Computer viruses and malware.

What’s the deal with computer viruses and malware? My anti-virus software updates itself regularly with new “definitions”. This implies to me that people somewhere are busily writing new viruses and malware daily and unleashing these via the internet. Meanwhile, across town, someone is searching the internet for these viruses and deliberately catching them so that counter-measures can be written and distributed. Do these activities keep a lot of people gainfully employed? Obviously the people creating the new definitions are paid by the makers of the commercial anti-virus software. Are the virus and malware creators earning anything from their efforts and if so, from whom? If not, what would motivate someone to do this? How do the anti-virus people find so many of these viruses on a regular basis?

There are many reasons for people to create viruses. The most common one today is indeed very lucrative for those who create them.

Most viruses these days turn computers into 'bots. They then are under the control of the malware creator, who can use them to set off Distributed Denial of Service attacks – essentially overloading a website. The creator then contacts the website and demands money or their site will be unavailable. Often, they can get paid. In addition, the biggest malware going around today is a fake antivirus program that demands you buy their software to clean it. It doesn’t clean it (though you may get fewer popups), but they have your money and credit card number (and your computer is still a bot).

The most common one these days – Antivirus XP 2009 and its many variants – was estimated to make $5 million a year from these tricks.

Older viruses were primarily hackers showing off – finding new ways to beat security. There are still some of these.

Antivirus firms keep up in various ways: customers send them virus codes; they have “honeypots” – unsecured computers practically begging for viruses; they scan e-mail traffic. Once they find a virus, they develop new definitions and distribute them, but the speed at which viruses spread often leaves them behind the curve.

Yes, there’s a lot of money in malware. One of the biggest reasons to write malware these days is to try to surreptitiously seize control of people’s home computers so that they can be used to send massive volumes of spam. If somebody writes a piece of infectious software that manages to hijack, say, 50,000 PCs, they can then sell that botnet for a pretty penny on the black market.

Other purposes for malware include regular old fraud and identity theft. With more and more people storing sensitive information and conducting business transactions online, there’s plenty of opportunity for profit if you can steal people’s bank account numbers, passwords, and so on.

And, of course, there are still those few who write destructive viruses because they get a sick thrill out of it, but they’re a minority compared to the for-profit organized crime crowd now.

Brian Krebs at WashPo addresses the profit in malware here:

Massive profits:

Franchising:

Profitable phone hacking:

Profitable phishing:

Also multi-millionaire spammer Alan Rasky:

Just had to post the obligatory xkcd.

Not only unsecured – idiots that leave their computers on 24/7. When you’re not using it, and you’re not about to use it, turn it off.

:dubious:

Not sure what this has to do with viruses or malware. If a computer is inadequately protected, it’s going to be owned before too long whether it’s on twenty four hours a day or three. And lots of people “use” their computers 24/7 – running a web server, seeding torrents, folding@home, or what have you.

It’s pretty damn hard for your computer to be used as a zombie when it’s off.

It’s much harder for it to be used as a zombie when it never gets infected in the first place. :smiley:

I don’t know if I’m right here, but in my experience this is a bad idea. Most computers I come into contact with that have somehow got viruses, got them within the first few minutes of the computer being turned on.
A person will boot it up, go straight onto the internet, check their mail, and boom - they got a virus somehow.
If you leave your PC on, your anti-virus software will stay updated. There will be no waiting around for it to find your connection to download new definitions. And if there’s some sort of virus outbreak on the net and there needs to be a quick update, you can be protected by that.
I see no benefit of turning a desktop off unless absolutely required, it doesn’t even use that much power.

Oh, not to mention that when you have a virus, turning your computer off can be a Very Bad Thing. You can suddenly find yourself unable to log in again. At least if it’s on you can fix it, or call in the pros to fix it (and save your data of course).

There’s nothing really wrong with leaving PCs on 24/7. They’re either patched or they are not. Better prevention (patching, virus scanning, good email/web habits, not running as admin) than shutting things off.

There’s a few things to consider there.

First of all spam, C-NET reports 29% of people surveyed BOUGHT something from a spam (unsolicited) email they received. CNN and CNBC report similar numbers (between 25% and 35%). That’s HUGE. Considering the cost to mail it (basically nothing), that’s a heck of a return on an investment.

Second of all, there are people who do “reverse engineering.” What is this? This is taking a product and cracking the code. Now some people may think, why? It’s a waste of time? You’re stealing etc, etc. Leaving all those arguments aside, “reverse engineering” of computer programs is a great challenge.

It’s basically a hobby for those who like to think. Do you do crosswords? Do you do jig-saw puzzles? Those are a waste of time, but they have to be figured out. Reverse engineering is the same thing. It works like this: I go to MS and download a trial version of their MS Office. Now it’s my challenge to make a code that works as if I bought it. Even if the guy doesn’t intend to use the product, it’s still a great challenge, to reverse the code and figure it out. (Yes, it’s still wrong, but it’s a challenge.)

So Mr Jones reverse engineers a code, and you can take your trial version of MS Office and activate it. And of course he’s proud, so he goes online and says “Look what I did.”

This has three effects, his geek buddies say “Wow, you’re smarter than me.” And they aren’t ones to be “one upped” so they immediately go to work on finding a harder program to crack. So now you have yet another program that’ll be cracked.

Now while these geeky guys are in it for the challenge, despite it being wrong, MS finds out and is like “OK, we learned something,” and they go to fix the hole. So while MS doesn’t like it, they use it. Because now they know a hole exists in their coding and they work to replace it. So now every generation of coders from that point on knows not to do that when they are writing code.

The last thing is people who are, less than forthright, shall we say, will take this “reverse engineered code” and insert malware or a virus. Hey, people want free things. So you get the trial version of MS Office, use this geek’s “keygen” and it works. Now your friend does this too, but by the time he gets it the “keygen” now has a trojan in it to turn your computer into a spam machine.

The thing about it is, there doesn’t have to be a profit motive. These geeky guys (and I’m using that term in a good way) LIKE to write code, they like to break code; it’s like crosswords or knitting or any other hobby.

Finally realize a lot of these viruses and trojans get loaded because people aren’t aware or don’t know how to properly download things. For instance EAC (Exact Audio Copy) is a great ripper for CDs, probably the best, and it’s free.

Because it’s free some people will “repackage it” adding a few more convenient features and a TROJAN as well.

So you think you’re getting EAC and it works like EAC and you’re getting EAC but you’re getting something else too.

This is why you need to ONLY download free software from the official site or from places like Snapfiles, where you can read reviews and such.

HorseloverFat scooped my cites. My favorite thing from those articles is that the purveyors of rogue antivirus software are sufficiently organized to have a system of distributors and monthly sales reports. One of Krebs’s articles describes one group running a competition for best salesperson.

First place was a Lexus.

The analysis is fine, but really only applies to a small percentage of malware these days. Hardly any malware is distributed in hacked program files; it may have been true in 1989, but no more. Even e-mail distribution of malware is fading away, replaced by various online trojan programs. Malware depends on massive numbers of computers installing the program and including it in fake program files doesn’t get it distributed widely enough or fast enough (antivirus will be updated before more than a handful will download the files).

Not that you shouldn’t be careful, but this model is rare.

Actually, email attachments are how the Storm botnet was created. Tricks like greetingcard.exe still work.

That’s not reverse engineering; that’s cracking.

Reverse engineering has a specific meaning; it’s the creation of a legal workalike from publicly-available information.

Open Office is an example of this; they took Microsoft’s files and figured out what is in them, then created a completely-separate program whose internal functioning may or may not have been different than that of MS Office, but which could read and write the same files. They did not have access to any of Microsoft’s proprietary information.

Reverse engineering software has traditionally meant understanding a program/re-creating source from machine code.

Wow, that’s a lot of questions.

  1. Are people somewhere busily writing new viruses and malware?
    Yes, definitely. Some of the viruses and malware even continuously update themselves with downloaded patches from their authors, thus dodging the latest cures designed to kill ’em. Notable examples of self-updating viruses and malware are the Conficker rootkit virus and some programs that pretend to be antivirus programs but actually fake their virus hunts while downloading and installing new viruses onto your PC!

  2. Do these activities keep a lot of people gainfully employed?
    Yup, sure do. Interestingly, roughly half the volume of malware is programs with significantly limited scope, used to commit industrial spying on specific companies or take down specific individuals, ethnic/social groups, corporations, and so on. According to a BBC program this past summer that included interviews with antivirus guru Kaspersky, commissioning a custom trojan virus or malware can cost as little as $250. (Good luck finding the guys who write them, though. It’s not like they advertise on eBay!)

We’re also getting into second-level marketing, where it’s possible to buy KITS and SOFTWARE SUBSCRIPTIONS that include passwords to PC networks and websites, bundled with software components that allow you to write your own virus. People who make their viruses in this way are the majority, these days. Unsophisticated virus-writers who use these kits are called “script kiddies”, a name that emphasizes the contempt that even fellow virus-writers feel for them.

Is the PC security business booming?

Yup. Paranoia pays, apparently. No doubt the industry benefits from some carryover from the general social paranoia about terrorism, drug dealers, and communists hiding under your bed. Nothing sells like fear of an invisible, uncountable enemy.

What I find odd is that governments haven’t simply pushed private industry aside and created a sort of geeky Interpol to catch virus writers, issue antivirus programs, and so on. A lot of time and effort are wasted simply because of the nature of private competitive industry: lack of cooperation, lack of information-pooling, redundant research, and so on.

For example, there isn’t even a common “dewey decimal system”-type cataloging & naming system used to refer to the thousands of viruses, so normal folk are at a loss to hunt around for multiple cures for a particular virus: Microsoft may say Conficker comes in A, B, C, and D versions while another company calls the same virus Upndown A, B, and C.

To protect yourself from the runaway costs of antivirus, firewall, and anti-malware software, stay informed and realize four important facts:

a) Many of the best ones are FREE. Avira antivirus, Spybot Search & Destroy, and Comodo Firewall all have free versions that rank in the top 5 (free or paid for) in their fields.

b) Big names don’t mean much. Avira and Eset Nod32, for example, are poorly known names but actually compare favorably to “big software vendors” like Norton Symantec and McAfee.

c) Security “suites” that try to do everything probably only do one thing well, so don’t be suckered in by “do-it-all” bundles. Shop for your firewalls, antiviruses, anti-spam filters, and anti-malware programs separately.

d) Many times, these programs don’t play well with others. I mean, if you have one firewall, don’t install another so you can get twice the protection. If you have one antivirus program, installing & running another will probably make them “fight” rather than cooperate.

  3. How do the anti-virus people find so many of these viruses on a regular basis?
    Heuristics and reporting.

“Heuristics” is a fancy word for “if it walks like a duck, looks like a duck, and quacks like a duck, it’s a duck.” Most anti-spyware and anti-virus programs have a feature that allows you to adjust how much guessing the software will do. In its most dont-bodder-me mode, the software will turn off heuristics and only warn you of a virus if the virus completely matches the description of a known offender. In its most paranoid mode, the software will make lots of intuitive guesses and occasionally produce false positives.

By “reporting”, I mean that Windows and many antivirus programs are capable of sending reports and virus samples from your PC back to the antivirus manufacturers via the Internet.
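An added toy illustration of the “sensitivity knob” described in that post (example code, not from any poster in this thread): exact-hash “definitions” only catch samples that have already been analysed, while a weighted heuristic score with a lowered threshold catches an unseen variant but, in paranoid mode, also flags a harmless installer. Every sample, indicator string and weight below is constructed for the example and is not a real signature.

```python
"""Signature-only vs. heuristic scanning with an adjustable sensitivity (toy model)."""
import hashlib
import math
from collections import Counter

# Constructed sample "files" (plain byte strings, not real malware).
KNOWN_BAD_SAMPLE = b"MZ\x90\x00fake-rogue-antivirus-sample" + b"\x00" * 32
NEW_VARIANT = b"MZ\x90\x00variant" + b"CurrentVersion\\Run" + b"URLDownloadToFile" + b"CreateRemoteThread"
BENIGN_INSTALLER = b"MZ\x90\x00setup-wizard" + b"CurrentVersion\\Run"   # legit installers also add Run keys
PACKED_BLOB = bytes(range(256))                                        # maximal entropy, no indicator strings

# "Definitions": SHA-256 of samples the vendor already analysed. Only an exact match hits.
DEFINITIONS = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# Heuristic indicators with weights (constructed). Each also occurs in some legitimate software,
# which is exactly why a low threshold produces false positives.
INDICATORS = {
    b"CurrentVersion\\Run": 2,   # persistence via autorun registry key
    b"URLDownloadToFile": 2,     # fetches further components
    b"IsDebuggerPresent": 1,     # anti-analysis check
    b"CreateRemoteThread": 3,    # injects code into other processes
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(data: bytes) -> int:
    """Sum the weights of the 'walks like a duck' traits present in the sample."""
    score = sum(w for marker, w in INDICATORS.items() if marker in data)
    if shannon_entropy(data) > 7.0:
        score += 2   # high entropy suggests packing/obfuscation
    return score

def scan(data: bytes, sensitivity: int) -> str:
    """sensitivity 0 = definitions only ('don't bother me'); 3 = paranoid (any single trait triggers)."""
    if hashlib.sha256(data).hexdigest() in DEFINITIONS:
        return "known-bad"
    if sensitivity == 0:
        return "clean"           # unseen variants slip through until a definition ships
    threshold = {1: 5, 2: 3, 3: 1}[sensitivity]
    return "suspicious" if heuristic_score(data) >= threshold else "clean"

if __name__ == "__main__":
    for name, sample in [("known", KNOWN_BAD_SAMPLE), ("variant", NEW_VARIANT),
                         ("installer", BENIGN_INSTALLER), ("packed", PACKED_BLOB)]:
        print(name, [scan(sample, s) for s in range(4)])
```

Sensitivity 0 misses the new variant entirely (the “behind the curve” problem from earlier in the thread), while sensitivity 3 flags the benign installer and the packed blob, which is the false-positive trade-off the post describes.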

If it seems like spyware has gotten worse lately, it is not your imagination.

Fake anti-virus spyware detections skyrocketed from around 22,000 in January to over 150,000 in June.

No, they already had the virus; the reboot just allowed it to launch additional components via startup tasks/registry edits that required a reboot to work.