Your PC may be crawling with software that you didn't install and would certainly be far better off without. This software may be spying on your every move, reporting back the information it gathers to someone who will then use this for their own financial advantage. We're talking about 'malware', a term that describes all manner of malicious software, like damage-causing viruses, modem-hijacking rogue diallers and spyware.
That malware is rife and needs dealing with is not in doubt, but have you ever wondered who is behind this most modern of plagues? With many millions of people now online worldwide, there are bound to be a few bad apples out there. These range from the hardcore virus writers to so-called 'script kiddies', who use programs they seldom understand to create havoc for fun or profit.
Over the next few pages, we look behind the scenes of malware and find out who's responsible for these unpleasant applications and why they do it. We'll also offer some practical tips on combating and preventing the spread of malware.
Malware make-up
In computing's early days, viruses were often released for bragging rights alone, with widespread outbreaks earning a curious form of kudos for the author. But with the creation and subsequent explosion in popularity of the internet, small-time fraudsters and organised crime outfits spotted the potential for profit and promptly moved into the malware business.
The development and distribution of malware is now a booming underground business - and internet users around the world are paying the price. The worst examples of malware are deployed to blackmail businesses, steal identities and drain bank accounts. As a result, there's now a constant battle between the malware writers and security software companies, with each trying to gain the upper hand.
As noted in our introduction, the word 'malware' covers a variety of malicious software, including viruses, spyware and plenty of variants in between. The problem began with the virus - typically a piece of software designed to replicate itself and release a 'payload' of some form, perhaps a cheeky but harmless message or something altogether more sinister, designed to delete or otherwise damage personal files and folders.
The earliest viruses required user interaction to spread, either by running an infected file or by using an infected disk. But virus writers soon turned to new techniques, such as 'worms' that use vulnerabilities in common applications to spread without user interaction.
Regardless of the manner of transmission, the payload is now where malware writers are focusing their energies. Many viruses employ Trojan techniques, which essentially means purporting to be a legitimate software application in order to mask malicious intent. Trojans range from software that allows the writer full control of a PC to code that searches for personal details, like an email address, which can then be sold to spammers. They can also be used to redirect a web browser to phishing sites that steal login data.
Spyware, meanwhile, is malware that's specifically designed to steal personal information. This includes keyloggers that send back everything typed in by the user, 'screen scrapers' that copy everything displayed on the computer's monitor in the hope of recording confidential information and URL-capture software, which is used to send targeted advertising based on the user's web habits.
Behind the mask
The people who create malware are spread out as far and wide as the internet itself. However, the greatest concentrations are to be found wherever there's a combination of skilled PC users to write the code, the network connections to spread it and sufficient financial motivation to want to become a malware author in the first place. Educational establishments, for example, are awash with computer-savvy types in need of extra cash.
Indeed, there are a number of hacking groups based in and around the old Soviet Union, where computer education is high, but money is hardly abundant. Most famous is the 29A group that wrote the first mobile phone virus 'Cabir', but increasingly it is in Eastern Europe where organised crime is using viruses and spyware to collect financially sensitive information.
Another hotspot is the Far East, which has produced such viruses as the BIOS-damaging 'Chernobyl' from Taiwan and the 'I Love You' worm from the Philippines, which spread around the world's computers in 2000. Nor did the slow pace of the international legal system do much to dissuade others - the author of 'I Love You', Onel de Guzman, was never prosecuted because there was no relevant law to break in the Philippines at the time.
Though there are indeed a few particularly active areas of the globe in terms of malware creation, these may be driven by forces in other parts of the world.
"These days geographical distinctions are gone," said Greg Day, security analyst at McAfee. "Virus writers are using open-source methods to build malware. This might mean a virus-writer in Russia being hired by a spammer in the US and using a botnet based in Europe to propagate the malware."
Malware motives
So what drives people to spread malware in the first place? As discussed previously, early viruses were created predominantly to show computing skill. But in the past five years or so, the primary motivation for malware writing has become financial. In other words, in one way or another malware is making people money.
There are a number of ways that malware writers will attempt to exploit you or your PC for profit. The simplest is to use a virus to harvest large numbers of email addresses - from an Outlook contacts book, say - and sell them on to spammers. CDs of such collections of email addresses are openly traded online, each containing hundreds of thousands of contacts. But the profit on such transactions is minimal since they are relatively easy to collect.
For this reason, many malware authors have moved on from simply harvesting email addresses to focus on the collection of more sensitive information. Software like keyloggers and screen scrapers can record almost everything a computer user does or views, and with more people shopping and banking online such information can be very attractive to the right buyer.
Even so, recording every keystroke is inefficient because it generates too much information to sift through. More sophisticated malware may be designed to target and steal specific information. Just a couple of years ago, for instance, users of the online payment system e-gold were targeted by a Trojan virus designed to record their login details. Hijacked accounts were then used to buy untraceable items like pre-paid phone cards, which can be easily sold on.
Indeed, online-banking operations are prime targets these days, not just of keylogging malware, but also phishing websites - these are designed to resemble the online homes of legitimate financial organisations, in the hope that visitors will log in in the normal fashion. Should someone fall victim and proceed with the log-in procedure, their username, password and so forth will be captured, giving the fraudster responsible an opportunity to access their bank account for real. Typically, the fraudster will then transfer some money to a local co-operative 'mule' - someone who has a bank account in the same country. The mule will then forward the siphoned cash to the fraudster in exchange for a commission.
What's up, 'bot?
Malware writers are also keen on collecting computers, with the help of viruses like MyTob. Here a Trojan is planted by the virus that allows the originator to take control of large numbers of PCs - collectively termed a 'botnet' (as in 'robotic network').
This can be very profitable indeed. In the US, earlier this year, 20-year-old Jeanson James Ancheta pleaded guilty to running a 400,000-computer botnet. In 14 months he'd earned $58,000 (around £30,400) by installing adware on the compromised computers and earning revenue from the adverts. He also made $3,000 hiring out his botnet to third parties.
Botnets are often used to send out spam cheaply or to launch denial-of-service attacks against particular websites or online services. In August 2005, Dutch police arrested three men who used the W32.Toxbot virus to create a computer botnet that, it is alleged, was used to blackmail a US company with the threat of a denial-of-service attack, which would shut down its servers.
Remotely controlled computers can even be used to store criminal material. In 2001, Briton Karl Schofield was arrested on suspicion of possession of child pornography and endured a two-year investigation before prosecutors accepted in court that images found on Schofield's computer could have been downloaded remotely by a third party, using an unnamed Trojan virus.
The kids aren't alright
Of course, the kind of code needed to facilitate such theft can be hard to create. However, much of the world's malware is the work of people derisively dubbed 'script kiddies'. The term refers to programmers that create computer code using automated software toolkits, which can generate modified versions of existing malware with minimal effort and programming knowledge.
An example is Jeffrey Lee Parson who, while still a teenager, used a toolkit-created virus to launch a denial-of-service attack against Microsoft. Unfortunately for Parson, he included in the virus code his online name and personal website address and was quickly caught.
Such toolkits can be easy to use and allow someone with even rudimentary programming knowledge to build a virus that is similar to the original code, but with sufficient difference to outwit existing antivirus defences. Moreover, these kits are cheap and readily available. In March this year, researchers at Sophos found that a Russian toolkit called Web-Attacker could be bought online for just £10.
What the future holds
Whatever the source, malware is here to stay and the problem is likely to get worse rather than better. The rewards are now so high that increasing numbers of criminals are turning to this new source of revenue.
In the younger days of the internet, malware was an exercise in technical skill, in beating the security companies and showing off prowess to peers by creating an infection. Those days are long gone, but equally the number of mass infections is likely to fall. The criminals who dominate today's malware industry want to remain as inconspicuous as possible and can make a lot of money out of a small number of compromised PCs.
Over the past two years, there has been a corresponding reduction in the size of virus outbreaks as this process continues, and criminals are using a wider variety of spyware to capture valuable information.
We will all need to be much more security conscious in order to avoid being caught out by malware. A good antivirus package, updated every day, is a must. There are also specialised anti-spyware programs for sale, as well as free applications like Ad-Aware (www.lavasoftusa.com) and Spybot Search & Destroy (www.safer-networking.org) - be sure to make use of these tools.
Operating systems and applications also need to be patched. Microsoft releases its patches on the second Tuesday of every month, so be sure to use Windows Update to keep your PC's protection bang up to date.
By taking these few simple precautions, you can greatly reduce the chances of losing out to malware. The criminals deploying malware are going for easy pickings, people with little or no security, so make your computer a little bit tougher to crack.