Why+Does+Malware+Exist?

media type="file" key="Why Does Malware Exist_.mp3" width="240" height="20"

When you consider the work that goes into writing software, you have to ask why anyone would care that much about trashing a stranger’s computer system. To understand why people write malware, it helps to look first at WHO is doing the writing.

A surprising number of teens write malware. According to Sarah Gordon, a research scientist, their most common feature is that they don’t really have a lot in common. Sarah’s research finds that malware writers “vary in age, income level, location, social/peer interaction, educational level, likes, dislikes and manner of communication.” While some teens write malware for the sheer challenge of it, others have heavy delusions of grandeur. That was certainly the goal of Sven Jaschan, an 18-year- old German teen sentenced in 2005 for creating Sasser.e, a variation on an earlier worm dubbed Netsky. Sasser literally bombarded machines worldwide with millions of junk emails. Jaschan’s goal wasn’t so much to disrupt Internet commerce as it was to make a name for himself. After his arrest, he told officials he’d only wanted to see his “creation” written about in all the world’s papers. Jaschan told reporters, “It was just great how Netsky began to spread, and I was the hero of my class.” Is this admiration justified? Rarely. Consider the case of Jeffrey Lee Parson, of Minnesota, an 18-year-old arrested for releasing a variant of the Blaster virus. While his friends and neighbors were taken in, at least briefly, the world of com- puting professionals was not. Parson had simply copied the existing Blaster code, created a simple variant (no real skill there), then was almost immediately caught when he released it. Not a lot to admire.

The nature of malware writers has evolved with the technology they exploit. The very first self-replicating programs existed mostly as technical exercises. For the most part, these were generated by graduate school programmers, often as re- search for doctoral theses. Early on, the field expanded to include teens looking for a technical challenge as well as the stereotypical loner geeks—socially awkward teens using malware to make names for themselves. These writers not only didn’t hide their viruses very well, many didn’t hide them at all. Their goal was to make as many people as possible aware of what they’d done.

Not surprisingly, many of these malware writers were caught. Even today, some malware includes “authorship” information. In some cases, those really are the names of the malware writers or the groups they represent. In other cases, named authors are themselves additional victims.

More recently, professionals are joining the loop. Mikko Hypponen of the Finnish security firm F-Secure, notes, “We used to be fighting kids and teenagers writing viruses just for kicks. Now most of the big outbreaks are professional operations.” They’re looking for cash, not infamy.

People still write malware for the chal- lenge or to become famous, but they also write malware to steal intellectual property from corporations, destroy corporate data, promote fraudulent activity, spy on other countries, create networks of compromised systems, and so on. Malware writers know that millions of computer systems are vulner- able and they’re determined to exploit those vulnerabilities. Does this mean that all those teen users are turning into computer crimi- nals? No. It simply means that with wide- spread Internet access, more people are using the Internet to commit crimes.

More information than ever is now stored on computers, and that information has a lot of value. You may not realize it, but your computer and your data are at higher risk than ever before. Even if your machine contains NO personal infor- mation, NO financial data, and nothing that could be of the slightest interest to anyone, your computer could still be used to attack someone else’s. As Justin, a 16-year-old from Atherton, California said, “It’s just not right that someone can take over my machine and use it.”