How is spyware formed? How computor get varus?
November 23, 2010 7:02 PM

Why do people create and use viruses/spyware/malware?

I recently got a virus on my computer that really screwed it up real good – it redirected websites I wanted to go to, sent me pop up/pop-under ads, opened up new tabs in my browser, and served me slow-loading video banners on websites where they didn't belong. It also generally made my computer slower and was an all-around awful experience. The virus is gone now, but it was a bitch to remove.

My question is this: Who is creating and using these viruses, and why would ANYONE think this is a valid form of advertising? I imagine that these malicious techniques are marketed as "re-contextualized targeted advertising" (or some similar BS) to potential advertisers/scammers, but hasn’t it been proven to be ineffective by now? Are people who are infected seriously clicking on these pop-ups and buying the shit being hawked at them to the extent that the skeezy advertisers are getting a good ROI?

For instance, one of the ads I kept getting served was an infomercial-type of video for a cleaning product. I can't imagine their marketing department coming to the conclusion that "yep, let's go the spyware route on this one, that will really reach our audience, I heard that puts up great numbers."

I guess I’m looking for articles, insights, and viewpoints from tech wizards who are knowledgeable about this sort of thing. Ideally I’d love to find some muckraking journalism to see the behind-the-scenes of malicious internet advertising and figuring out WHY people do it? Who is behind it? How much money do these "advertising" companies make? What is the incentive?

Sorry that this is more like a thousand questions crammed into one. Feel free to cherrypick.
posted by windbox to Technology (13 answers total) 5 users marked this as a favorite
Not the advertisers, the people being paid by the advertisers. That, and they can steal your passwords/info, spam your friends, and get all their info too. Besides, a very surprising number of people fall for the fake-virus/malware anti-virus things that want money to go away...

That, and your pc becomes a zombie system in a botnet, which they can use for anything from taking down rival networks to creating fake traffic and hits for more ad networks.
posted by TomMelee at 7:07 PM on November 23, 2010

Presumably, the amateur stuff comes from bad affiliate programs. The more insidious stuff comes from organized crime.

In the older days, they were hacking challenges, or "who would ever want to do THAT" style security.
posted by gjc at 7:14 PM on November 23, 2010 [1 favorite]

Fun and Profit. Why else?

Fun: People (often teenagers and young adults) like to prove that they're better and smarter than everyone else. They think "pwning" a million people's computers is proof of that.

Profit: Say that advertisers will pay you 10 cents per unique IP address that looks at their ad. You write a virus that pops that ad up on a million computers. Instant profit. The actual schemes are often a little bit more complicated than that, but the concept is similar.
posted by chrisamiller at 7:31 PM on November 23, 2010 [4 favorites]

You know those "Attend this seminar to learn how to make $10K a month!!!" seminars you see advertised? Sometimes, the make money fast scheme is to encourage you to send spam. And you don't even need to know anything technical--you just pay their associate company $X dollars, and they'll do all the work of sending out the ad for you!

If, in the seminar, you ask "But does it work", they respond, "Of course it must! Think about how much spam you get! You wouldn't get spam if it didn't work."

The seminar attendees never make any money, of course. But they do pay a lot of money to a company that sends a lot of worthless spam.
posted by IvyMike at 7:39 PM on November 23, 2010

Several years ago I was hired to give computer instruction to Adult ESL learners. Among the students I got were a handful who really didn't need any instruction -- younger family members of former South Vietnamese military officers who had received refugee status in the mid-1990s. In spite of being essentially blacklisted due to their family associations, several of them had managed to take classes in Assembler, C and Pascal in an actual higher education setting in Ho Chi Minh City. Problem was, they were unemployable because of who their parents were, so they had a lot of free time on their hands. They told me much of that time was spent hanging around the computer lab writing viruses, on machines 5 to 10 years older than what we had in our program.
posted by gimonca at 7:50 PM on November 23, 2010

In a lot of cases, the stuff being hawked by spammers is not entirely legit to begin with.

If you have a bogus product you're selling for a ridiculously overinflated price, you can hardly shop it around to Rite Aid and Walgreens. Instead, you pay people (typically a percentage of the sales cost - like $1 for each unit sold) to spread it on the spam networks.

A surprising number of people fall for these spam ads. Something like .02%. (Let's face it: .02% of the population will do just about anything.)

It costs roughly the same to send 10 million spam messages as it does to send 100, so there's an economy of scale there.

Say you send out 10 million spam messages (not an unusual number per campaign). If you have a .02% success rate, that's 200,000 orders. If you're getting $1 per order, that's a cool $200,000 you just earned for free + maybe a dozen hours of your time.

(I'd never do it myself, but I know people who have. I can't point you to any scholarly articles or reference papers, simply pass along what I've been told.)
posted by ErikaB at 7:52 PM on November 23, 2010

Why do people create harmful malware which gives them no monetary return? Just to prove they exist and can do it. It's the same thing that causes people to paint graffiti on subway cars and on the sides of buildings.

Young people have a drive to make a difference, to change things. In teenagers this mostly results in vandalism and destruction, but in slightly older people it's the primary driver that has changed and improved the world.
posted by Chocolate Pickle at 8:13 PM on November 23, 2010 [2 favorites]

When it comes to advertising: assume that just 1% of the people who look at the spam think "oh, what the hell, let me at least check this out." If you send your spam to ONE MILLION people, one percent of one million is still ten thousand. And that's a lot of people.

Or: there are some people who are indeed so truly idiotic when it comes to computers they actually don't think anything's wrong.

As for the non-adware virus motivation: some people are just dicks.
posted by EmpressCallipygos at 8:39 PM on November 23, 2010

My mom, along with many other people I know, always says "yes" when her computer asks her a question. Some people do it with the blinking ads (she gets loads of viruses through this behavior, and lots of blinky ads, but doesn't buy anything.) I mean... those Nigerian scams work on some people, right? It all comes down to how big the number of "some" is, as to whether it's worthwhile for the jerks of the world.
posted by SMPA at 8:51 PM on November 23, 2010

The magic word you want to search on is "botnet". If you forgive the self link, I have a few curated delicious links about BotNets you might find interesting.

Long story short, malware is used to take over a PC and make it a zombie in a botnet. Botnets are then used for various things: showing advertisements to the infected machine is one. Sending spam. Helping steal Warcraft accounts. DDOSing sites as part of an extortion racket. Etc. The malware authors generally just sell the malware to people building botnets. The botnet guys then lease access to their networks to the real criminals with agendas like sending spam or the like. Think of it as like Amazon EC2, only illegal.
posted by Nelson at 8:52 PM on November 23, 2010 [1 favorite]

For instance, one of the ads I kept getting served was an infomercial-type of video for a cleaning product. I can't imagine their marketing department coming to the conclusion that "yep, let's go the spyware route on this one, that will really reach our audience, I heard that puts up great numbers."

You seem to be laboring under a misapprehension that you are in some way a potential customer for the advertisers whose output is crapping up your computer. You're not. Your attention to these ads is a commodity being sold to the advertisers, who can in turn misrepresent your status as a potential customer to their customers - businesses who commission advertising.

Since there is currently no technically feasible method for measuring that attention, it has become customary to use the number of unique computers the advertising gets served to as a proxy.

There is also no technically feasible method for discovering whether Internet Explorer went and grabbed that ad because you told it to or because the circulating malware du jour did. From the advertiser's point of view any hit is a good hit, and they price their ads to the businesses who commission them accordingly.

There are generally enough layers of business relationships between the advertising pricks who leech off the productive business community and the organized criminals who sell botnet access to give the advertising leeches plausible deniability.

It's all crap, and it's one of the many reasons I prefer not to use Windows. Because for whatever reason (and there are many - some technical, some economic, some virtually ecological), it remains a fact that desktop malware infestations, and the pain and suffering required to keep them at bay, are problems that by and large only affect Windows users.

It used to be that Mac people would enjoy crowing about how secure their systems were compared to everybody else's. But since Linux has been gaining serious traction (helped along by the increasing success of Android, for good or ill) it's starting to become even more glaringly obvious that it's not so much that Macs don't get infected as that only Windows does.

This particular feature of the modern digital environment is something I no longer care about enough to object to in any serious way. I can no longer really be bothered spending serious time on persuading folks at large that they don't actually have to put up with this shit, or with restrictive software licensing shit, or with vendor lock-in shit, or any of the other 99 kinds of shit that makes living with Windows such a shitty piece of shit way to live.

The alternatives are out there, they are perfectly workable, and if people who should have noticed that by now choose to continue wallowing in the bogs of Redmond: well, good luck to them. As long as the Windows users and the malware industrial complex continue to seek out and enjoy each other's company, that's one less level of worry I need to have about keeping their shit off my own boxes and those of my customers.
posted by flabdablet at 2:30 AM on November 24, 2010 [3 favorites]

Are people who are infected seriously clicking on these pop-ups and buying the shit being hawked at them to the extent that the skeezy advertisers are getting a good ROI?

I once worked with a young lady who suffered from malware popups on her home computer.

One of the popups was an ad for a software product that would stop malware popups.

Unsurprisingly, the application, which she purchased, did not help her problem one bit.
posted by Jonathan Harford at 6:19 AM on November 24, 2010 [1 favorite]

Responses so far are mostly focusing on the advertising example you gave, but the actual question was general, so to expand things a bit:

The recent Stuxnet worm was apparently very specifically targeted to mess with Iran's nuclear facilities.
posted by Su at 12:12 PM on November 24, 2010
