Viruses now a money maker

Used to be, computer viruses were making front-page headlines. Even as recently as the beginning of this millennium, and even more so in the late 1990s of the previous century, there wasn’t a week without another major scare.

Where have all the computer viruses gone? Viruses have gone underground. They make money.

When broadband Internet connections went mass-market in the late 1990s and early into the new millennium, conditions were ripe for exploitation. Consumers connected affordable computers to very fast, always-on Internet connections. And even better: they were naïve.

In 1999, the Melissa worm, named after an exotic dancer its author was obsessed with, tore across the Internet as an e-mail attachment. A worm is a virus that travels on a network without human help.

In 2003, the Lovesan worm (also known as the Blaster worm), using macro technology in Windows Word, spread across the Internet over two days, picking up momentum as it went. Its objective was to infect personal computers and harness them to bombard Microsoft’s Windows Update servers with millions of bullets of data.

Then the pernicious and virulent digital infections seemingly stopped. Or, at least, there were no more headline-making outbreaks compared to what had come before.

But why?

Early virus writers wrote this stuff to help their egos. But someone somewhere recognized that there was money to be made, infecting Internet-connected computers and keeping the infections secret.

Malware programmers realized their worms could be drones that could penetrate a computer’s defenses, installing a “bot”, an automated program that could open up a communications channel back to the mother ship somewhere on the Internet, and wait for a command.

Commanded to act all at once, this botnet, as a network of bot-infected machines is called, can be a powerful revenue tool. Spam distribution is one of the most effective uses for botnets.

Sending massive amounts of commercial e-mail is a numbers game. If a spammer sends an ad to a million of unsolicited e-mail boxes, one in a thousand is clicked. Beyond spam that sells pornography and medication (like Viagra), the third most successful type of spam advertises Rolex watches. According to CipherTrust, 0.0075 percent of those promotions get clicked on. A spammer can become very rich very quickly.

Botnets are extremely effective because it’s very hard to shut the source of spam down. It’s coming from thousands of infected but otherwise innocent personal computers.

Extorting large companies is another way to use botnets. Perpetrators can trigger bots from a safe distance to send repeated packets of data at a target computer. A rock thrown at a mailbox might create a ding, but a dump truck of rocks will flatten it. A botnet made up of hundreds of thousands of computers can deliver that hail of data.

The other malware revenue driver is identity theft, the fastest-growing crime on the Internet. It is quickly becoming one of the key uses for malware on the Internet. Snooper software can be used to capture personal data and transmit it back home. Technically, this malware technique draws from virus, worm and spyware technology. A virus or worm penetrates a computer and then a bot may download further spyware tools to collect identity information from its host computer and send it home to its creator.

Malware writers now use virus technology combined with a root kit (a program that hides the presence of a virus from anti-virus programs) to infect a machine. This bot can be used to deploy spyware programming. This snoop software includes keyloggers which watch and record keystrokes as well s other data collection tools.

The eco-system that supports identity theft is highly organized. Freelance malware programmers use their tools to steal your personal information from your computer and then they sell it to criminals who exploit the data, accessing perhaps your online bank account and cleaning it out.

“It is no longer a cottage industry. It is funded by crime rings,” explains security expert Ron Nguyen, Director of Consulting at FoundStone, a division of McAfee.

Malware has become an extremely effective method to steal data, said Nguyen. So the crime rings have an inventory problem. “There’s a glut of stolen identities. So if yours is stolen, it may not get used for six to nine months down the road.”

The freelancer receives a fee for each identity they hand over. How much? In the dark economy of identity theft, you are worth a buck.