“My computer is running really slowly and I’m getting tons of pop-ups.” It probably wouldn’t be hyperbole to say that this is the most commonly uttered computer-related comment. As most of us know, slowness and pop-ups are classic symptoms of malware – viruses, worms, trojans, adware and spyware. This week I’m going to take a look at the reasons people get infected, the motives behind malware, and the creative ways that malware producers use to infect computers and keep them infected.
How do people get infected with malware? There are two main ways: passive and active. Passive infections occur when the user does not keep their computer patched and protected. If automatic Windows updates are turned off, or no firewall is running, an unpatched machine exposed directly to the Internet can be infected by a network worm without the user doing anything at all. Running a firewall is especially important. If you use a router, its address translation drops unsolicited inbound connections and so acts as a basic hardware firewall; but if one computer is plugged directly into a cable, DSL, or telephone modem, it is not firewalled unless it is running Windows XP Service Pack 2 (which turns Windows Firewall on by default) or a third-party firewall such as ZoneAlarm or Kerio Personal Firewall. Note that a firewall only blocks inbound traffic; it does not remove the need to patch, because the browser and e-mail client still reach out to the attacker's content on their own.
The other way to get spyware is by way of active infection; in other words, the user causes the infection to happen. The most frequent reason for active infections is unsafe browsing habits. If you visit porn or warez sites, they will frequently exploit vulnerabilities in your browser to install spyware. The same thing happens if you are browsing and click "Yes" on an ActiveX control prompt. Those pop-ups that say you are infected with spyware or that you've won an Xbox 360 are not real; don't click on them! Of course, if you download pirated software from peer-to-peer services, there's a much higher chance that you'll be infected. I know many people who have never run spyware scans, but when they come to me in a panic because they heard about this spyware stuff and they want to make sure their passwords don't get stolen, their systems come up perfectly clean because they don't do questionable things online.
Spyware and virus makers will exploit both active and passive methods in order to get their "products" on your computer. For example, Melissa, the 1999 macro virus that set off one of the first large mass-mailing outbreaks, used Microsoft Word macros and Outlook's address book to mail itself to the first fifty contacts of each victim. The recent and well-publicized WMF vulnerability was another vector of infection: a malformed Windows Metafile graphic could run the attacker's code as soon as it was rendered, so merely viewing a web page or previewing a file was enough. Of course, virus writers also exploit people's curiosity, often sexual curiosity, as shown by the Anna Kournikova worm of 2001 and the Kama Sutra worm of early 2006.
Once they've infected you, malware writers will do a lot to keep you infected. Often a malware program runs two processes that watch each other, so that when you kill one, the other respawns it. If you get rid of a startup entry (a Run key in the registry) or a browser add-on while the malware is still in memory, it will simply put the startup entry or add-on back. More and more, though, malware writers have gotten even more creative; for example, the notorious Nail/Aurora adware injected itself into the explorer.exe shell process, so that as long as Explorer was running you couldn't get rid of the infection. The latest method malware authors are using to keep their products on your computer is the rootkit, which hooks or patches Windows kernel and system-call tables so that its files, processes and registry keys are hidden from the user and from scanners.
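The persistence tricks above (Run-key entries that come back, and hooks on the Explorer shell) can be spotted by auditing the autostart locations directly. The script below is an added example written for this column, not the author's code or any vendor's tool. On Windows it reads the live Run, RunOnce and Winlogon values through the standard winreg module; anywhere else it runs against a constructed sample that imitates a watchdog pair in the user's Temp directory plus a tampered Winlogon Shell value. The list of "user-writable" directories and the expected Userinit path are assumptions about a typical XP/7 layout, and the file names in the sample are invented.

```python
"""Audit Windows autostart locations for common adware persistence.

Added example, not code from the original column.  Reads the real
registry only on Windows; elsewhere it exercises the same logic on a
constructed sample so it can be run and tested offline.
"""
import re
import sys

# Assumed defaults for the two Winlogon values malware likes to piggy-back on.
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"   # assumption: OS on C:

# Directories a legitimate autostart binary almost never lives in (assumption).
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                   "\\appdata\\", "\\recycler\\", "\\$recycle.bin\\")

# Constructed sample: two legitimate entries, a watchdog pair hiding in Temp
# under a system-looking name, and a Shell value with an extra program appended.
SAMPLE_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SoundMAX",
     r'"C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon",
     r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost",
     r"C:\Documents and Settings\Bob\Local Settings\Temp\svchost.exe -s"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "wdog",
     r'"C:\Documents and Settings\Bob\Local Settings\Temp\wdog.exe"'),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Shell",
     r"explorer.exe, C:\WINDOWS\system32\svcx.exe"),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "Userinit",
     r"C:\WINDOWS\system32\userinit.exe,"),
]


def _exe_path(command):
    """Return the executable path from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def audit_entries(entries):
    """entries: iterable of (location, name, value). Returns (location, name, reason) findings."""
    findings = []
    by_dir = {}
    for location, name, value in entries:
        loc = location.lower()
        if loc.endswith("winlogon\\shell"):
            if value.strip().lower() != EXPECTED_SHELL:
                findings.append((location, name, f"Winlogon Shell is not plain explorer.exe: {value!r}"))
            continue
        if loc.endswith("winlogon\\userinit"):
            if value.strip().lower().rstrip(",") != EXPECTED_USERINIT:
                findings.append((location, name, f"Winlogon Userinit has been altered: {value!r}"))
            continue
        exe = _exe_path(value).lower()
        if any(d in exe for d in SUSPICIOUS_DIRS):
            findings.append((location, name, f"autostart binary in a user-writable directory: {exe}"))
            by_dir.setdefault(exe.rsplit("\\", 1)[0], []).append(name)
    # Two or more suspect entries in one directory is the classic respawning pair.
    for directory, names in by_dir.items():
        if len(names) > 1:
            findings.append((directory, "+".join(names),
                             f"{len(names)} autostart entries share one suspect directory; "
                             "likely a watchdog pair that respawn each other"))
    return findings


def read_live_entries():
    """Collect Run/RunOnce values and the Winlogon Shell/Userinit values (Windows only)."""
    import winreg
    entries = []
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive_name, hive in hives.items():
        for sub in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                    r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                with winreg.OpenKey(hive, sub) as key:
                    i = 0
                    while True:
                        try:
                            name, data, _ = winreg.EnumValue(key, i)
                        except OSError:
                            break
                        entries.append((hive_name + "\\" + sub, name, str(data)))
                        i += 1
            except OSError:
                continue
    winlogon = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, winlogon) as key:
            for val in ("Shell", "Userinit"):
                try:
                    data, _ = winreg.QueryValueEx(key, val)
                    entries.append(("HKLM\\" + winlogon + "\\" + val, val, str(data)))
                except OSError:
                    pass
    except OSError:
        pass
    return entries


if __name__ == "__main__":
    source = read_live_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for loc, name, reason in audit_entries(source):
        print(f"{loc}\\{name}: {reason}")
```

Run it once, delete what it flags, reboot, and run it again: an entry that reappears after removal is the respawn behaviour the paragraph describes, and means the process doing the respawning (or a rootkit hiding it) is still live and must be dealt with first, for example from Safe Mode or an offline boot disc.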
Why do malware writers go to all this trouble? Back in the days of simpler viruses the answer was merely bragging rights and notoriety in the cracker community. Nowadays, however, there is a profit motive involved. Adware manufacturers are paid for each pop-up they show you, since the pop-ups advertise other companies' products. But even worms and trojans have a money-making ability: they often turn infected computers into a "zombie network", or botnet, that can be rented or sold, computer by computer, on the black market. Criminals use these zombie machines to send spam, launch denial-of-service attacks on corporations, store illicit files, and mask their own identities.
What can be done to stop malware? I don't think there's a structural solution; even if the government makes laws against it, people in other countries can still produce it without fear of retribution. Rather, the solution has to come from each end user: stay protected with up-to-date patches, antivirus and firewall products, don't open unexpected e-mail attachments or approve ActiveX control prompts, and don't go to suspicious web sites. Only when every computer user keeps their computer protected and practices safe browsing habits will we be able to say goodbye to malware.