The business of malware


The business of malware is a scary, scary thing. There is no doubt that it’s profitable; a quick Google search for “cybercrime profit” will net a pile of stories about how spyware, malware, and electronic fraud, and I quote a researcher from Fortinet, can be as profitable as heroin. [1] (According to MSNBC, heroin is a $3.1b industry. [2]) The individuals involved in such things as credit card theft and bank fraud can make a tidy profit; for instance, a botnet [3] with merely five thousand computers in it might sell for $500. [1]

That’s only the supply and demand section of the business model, however. The way of the world is that everyone wants a piece of the pie, and it’s not just the people creating exploits and malware and the people stealing money from accounts and credit cards, committing blackmail, and stealing trade secrets who get money from this sort of thing. Affiliate marketing is, and has been for years, the favorite way to spread the wealth around a bit, letting people with popular – or notably unpopular – viewpoints make a few bucks from their web pages. This is, of course, entirely reasonable when the money is coming from Google’s AdSense or Amazon’s Associate program. It’s scary when it’s coming from Russian hackers.

In 2005, Information Week ran a story describing a Russian business paying webmasters $0.06 per infected machine when they put a bit of exploit code on their websites. [4] More recent information may – and I unfortunately have no citations at this time – suggest that prices per infection are growing.

When you combine that with the amount of money that can be had for installing pure crapware, where you can get at least $0.30 per machine infected [5], it’s obvious that for an unscrupulous individual with perhaps a taste for inflammatory activities, putting a few – or a lot – of these exploits on a webpage which describes their unpopular ways of life can lead to a huge amount of income. This is particularly true because of the sad fact that a disturbing number of computers are vulnerable to infection, and maybe as many as a quarter of all desktops are already infected. [6]

It is pure speculation on my part that the Warriors for Innocence (who are at the very least involved with ‘deletegate’ [7], the LJ strikethrough scandal / misunderstanding / tragedy / whatever it turns out to be, and who reportedly have a fair number of pieces of spyware/malware/etc set to infest your computer when you view their webpage) have entered into affiliate deals such as this to profit. It seems likely, however, that they at least know about and support the infestation; in times like this where there is a fair amount of attention focused on a website, webmasters pay closer attention, and even if they had been compromised, this would likely have been discovered and cleaned up if it were not intentional.

For your reference, the WFI web page is here:

http://www.warriorsforinnocence.org/search/label/LiveJournal

DON’T GO THERE IF YOU ARE NOT AWARE OF HOW TO AVOID SPYWARE INFECTIONS – I recommend using Firefox, on a Mac or Linux computer. YOU HAVE BEEN WARNED.

[1] http://www.darkreading.com/document.asp?doc_id=107516
[2] http://www.msnbc.msn.com/id/18787919/
[3] http://en.wikipedia.org/wiki/Botnet
[4] http://www.informationweek.com/story/showArticle.jhtml?articleID=163700819
[5] http://blogs.zdnet.com/Spyware/?p=850
[6] http://arstechnica.com/news.ars/post/20070125-8707.html
[7] http://www.boingboing.net/2007/05/30/lj_purges_incest_sla.html