Who Makes Malware? Am I Paranoid, or Are They After Me?

Last week, I wrote about old Internet scams not dying. This was prompted by a couple of attempted scams on some of my clients. (I do not count attempts on my own system because I suffer several attacks every day from something or another. I sometimes deliberately let an isolated machine get infected just to test my protection. This is probably not an activity for the faint of heart.) But I was surprised at the meeting of a club I attend to learn that there seems to be an epidemic of malware attacks in progress. I have no real statistics, but after several months of no one complaining about being attacked, three members related incidents and several nodded. Fortunately only one of the infections was serious enough to provoke a factory restore.

Although we tend to become inured to the presence of bad guys trying to corrupt our systems via the Internet, I wonder sometimes if something more serious is going on here. Two weeks ago I categorized the creators of malware as either trying to steal things (money or control of your computer for nefarious purposes) or simply trying to have perverted fun by harming or harassing other people. At the risk of being dismissed as a total paranoid, could there be something else at work? Can some of these attacks have a more sinister origin?

We all know that modern warfare has a cyber-component. We hear rumors of viruses being deliberately planted in Iran’s nuclear facilities to destroy the centrifuges. All countries have teams working on both sides of the cyber-security issues. If you wanted to bring another country to its knees cheaply — much more cheaply than using various explosive objects — then bringing down its banking system by infecting it with appropriate malware would work nicely. Your only hardware cost might be a small computer and an Internet connection. Assuming you already have a team that has developed the malware, your operating expenses are minimal. Such an attack is certainly more cost-effective than conventional weapons or even suicide bombers.

A major problem with developing cyber-attack tools is how to test them under realistic conditions. You cannot just shut down a minor country as a beta test. Besides, the first time you bring down any major system, everyone knows it can be done, and they might even be able to figure out who did it. More important, they might have time to develop counter-measures before you can deploy a fully working attack. The situation is similar to what would happen if you stole a military tank: the first time you take it out for a ride, everyone knows. The second time you take it out, someone probably has a shoulder-mounted missile waiting with your name on it.

So what would you do if you were part of an elite development team working for a major government to develop cyber-weapons of mass destruction? How would you test them? I suggest that one way would be to unleash minor variants on individual consumers to measure their effectiveness in propagating and to see how quickly counter-measures can be found to neutralize them. This would be inexpensive testing on a global scale. In fact, you would actually be commandeering the anti-virus software providers and individual PC users to do development research for you in addition to their obvious utility as reluctant testers.

Now combine that thought with the occasional coup such as stealing credit card information or hacking into a large corporation’s private network. These things make the evening news, but we can assume that other successful attacks are not reported. The victims prefer to keep it as quiet as possible and fix the issue. That is, the events we hear about in the open press are almost certainly only a lower limit to what has actually occurred.

How about minor annoyances like Internet access slowing down for no apparent reason or even becoming intermittent? Are you completely sure your computer has not been made a zombie?

Are these worries just paranoid ranting? Maybe, but maybe not. I only mean to explore the possibility that not all of the malware attacks we suffer are due to simple greed of petty criminals or the perverse enjoyment of misanthropes striking out at innocent victims. What we see might be just the tip of a cyber-iceberg heading for our Titanic.

One problem with musings like this is that they are almost impossible to disprove. A true paranoid would argue that the lack of proof of governmental interference is evidence of a high-level cover-up. Certainly no government is going to voluntarily ‘fess up to deliberately infecting civilian computers as a test, but we know that in the past governments of all types have had no problem infecting unsuspecting citizens with actual diseases or lethal dosages of radiation “for the greater good.” We also know that all major governments have developed or tested biological weapons, and that sometimes accidents have happened. So there is reason to at least consider the possibility that some of the malware normally experienced by my senior PC user friends is not generated by private individuals or criminal gangs.

So what? How would your life be different if you knew that the Trojan intercepted by MSE was a cousin to a clandestine tool designed to compromise the entire banking system of the United States of America? Conspiracies are difficult to disprove (witness the conspiracy theories still propagated about the Kennedy assassination), but that does not mean all conspiracy theories are bogus.

Malware is a fact of life just as the threat of nuclear annihilation is a fact of life. Neither should stop us from doing or enjoying things we like. One takes precautions and presses on. Besides, we have no evidence that malware originates from government development, do we?

  • http://lance.compulsivetech.biz/ Lance Seidman

    Just to let you all know, the best Malware detection is yourself. Correct, you are normally better than most apps at detecting Malware/Trojans that are loaded in memory and sending information over the web.

    To truly see if you may be infected, open a Command Prompt as an Administrator (Right-Click the cmd.exe and left-click Run As Administrator) to now simply type “netstat -b” and press enter or return on your keyboard.

    Now you’ll see: PROTOCOL IP:PORT  REMOTE IP  STATUS. This will also show you nicely where and what is sending information.

    See, you can do it yourself and may even be better, as a lot of infections can detect known tools from Norton to Panda AntiVirus and attempt to stop services or forcefully shut down those detection tools.

    • Sdeforest

       I agree with your premise entirely.  Your hint is a good one.  If someone wants to get more involved, they can download and install Sharkwire, but that takes a bit more work to understand.

      • ‘Tis Moi

        I assume you meant, Wireshark? The network traffic analyser?  Yes, good program- and yes, you need to do your homework to be able to get the most from it…not for newbies. Thanks for the tip on “netstat -b”.  All of this is why I love my Linux Mint~ Cheers!

        • Sdeforest

           I pray to dog that I am not getting dyslexic–yes, I meant Wireshark.

  • Merinda _

    I find it ironic how there’s an ad for MacKeeper at the bottom of this article..

    • Lpk7

      What ad? I don’t see any ads on here. Then again, I’m using Adblock.

  • http://www.facebook.com/troyBORG Troy Ruggeberg

    If you think you have Malware, you should really scan your computer.
    I’ve repaired a lot of computers, and the best program I found to get rid of it is Malwarebytes.

    • Sdeforest

       I always recommend Malwarebytes combined with MSE.  The best anti-virus applications typically miss about 30% of new infections.  Using two (compatible) applications catches more than either alone.

  • http://www.KillerGameRants.com/ Warren

    Thanks a heap Chris!

  • Sdeforest

     On your display, not mine.  Welcome to targeted marketing.

  • http://chris.pirillo.com/ Chris Pirillo

    I wish I could block you, then… “Lpk7.”
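The `netstat -b` tip in the comments above works because Windows prints the owning executable in brackets on the line after each connection, which is awkward to read by eye on a busy machine. The parser below is an added example, not code from the article or any commenter: it turns captured `netstat -b` text into a per-process list of established connections to non-local addresses so an unfamiliar process stands out. The sample output, addresses and executable names are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `netstat -b` output: the owning executable is printed in brackets on
# the line *after* its connection(s); a service name (here RpcSs) may sit between.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49722     93.184.216.34:443      ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49800     203.0.113.5:8080       ESTABLISHED
 [updater.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49901     198.51.100.7:443       ESTABLISHED
 [svchost.exe]
"""

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")
# Address space that does not indicate traffic leaving the local network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8",
              "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


def parse_netstat_b(text):
    """Return (proto, local, remote, state, owner) tuples; owner may be None."""
    entries, pending = [], []
    for line in text.splitlines():      # headers and service names fall through
        if m := CONN_RE.match(line):
            proto, local, remote, state = m.groups()
            pending.append([proto, local, remote, state or "", None])
        elif m := OWNER_RE.match(line):  # an owner line closes the pending group
            for e in pending:
                e[4] = m.group(1)
            entries += [tuple(e) for e in pending]
            pending = []
    return entries + [tuple(e) for e in pending]   # ownership unavailable


def outbound_by_process(text):
    """Map owning executable -> sorted external ESTABLISHED peers, for review."""
    peers = defaultdict(set)
    for _proto, _local, remote, state, owner in parse_netstat_b(text):
        try:
            ip = ipaddress.ip_address(remote.rsplit(":", 1)[0])
        except ValueError:              # "*:*" and similar placeholders
            continue
        if state == "ESTABLISHED" and not any(ip in n for n in LOCAL_NETS):
            peers[owner or "<unknown>"].add(remote)
    return {owner: sorted(p) for owner, p in peers.items()}
```

On a real machine, run `netstat -b` from an elevated prompt as the comment describes, redirect it to a file, and pass the file contents to `outbound_by_process`; a process you do not recognise holding external connections is the thing to investigate.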