Exposing the Money Behind the Malware

How cybercrime works and what to do about it


How cybercrime works

The point of nearly all malware is to make money. Cybercriminals have many methods to monetize their activity. Fortunately, the criminals must take many steps for the entire process to work, and every step along the way is another opportunity for defenders to break the chain that their efforts depend on to be profitable.

The first step for cybercriminals is to find victims. Here are the six primary ways cybercriminals ensnare unwitting victims in their nets and compromise their computers for criminal purposes.

  1. Spam: The monetization of malware started primarily with email spam. Peddling pills, fake watches and Russian brides is still a profitable practice for many criminals. Although spam volumes have begun to drop, spammers send billions of messages every day hoping that just a small percentage will make it past spam filters and convince a few folks with their guard down to make a purchase. While malware is still sent as an attachment in some messages, malware delivery has largely moved to the web.
  2. Phishing: Attackers use email for more than just spam promoting products and services. Email is the preferred method to deliver phishing attacks. These can vary from emails pretending to be from your bank or email service provider in order to steal your account details, to targeted attacks attempting to gain access to your company's internal services.
  3. Social media: Many spammers have migrated from email spam to social media spam. Users are more likely to click links in commercially motivated spam if it appears to come from a friend or colleague on services like Facebook and Twitter. Breaking news and popular features on these networks can lead curious victims to click on unsafe links.
  4. Blackhat SEO: Scammers continue their cat-and-mouse game with Google and Bing to manipulate search engine results, which we call Blackhat SEO or SEO poisoning. This leads to "poisoned" search results about many popular topics, including front-page results leading to exploits, malware and phishing sites. For more information on SEO poisoning, read our technical paper from SophosLabs.
  5. Drive-by downloads: The largest number of victims are delivered into the hands of these thieves simply by visiting websites that host exploit code; an infection that needs nothing more than a page visit is known as a drive-by download. SophosLabs sees 30,000 new URLs every day that expose innocent surfers to a variety of code attempting to exploit vulnerabilities in their operating systems, browsers, plugins and applications.
  6. Malware: Worms, viruses and other self-propagating malware still serve their masters well. While they are less common today than they were 10 years ago, opportunistic crooks still use them to infect exposed systems and recruit people's computing devices for their own purposes.
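The spam and phishing vectors above all depend on a message that looks like it comes from somewhere it does not. As an added example (not code from the original page or from SophosLabs), the Python below applies three cheap header and body checks that a mail gateway or analyst script can run before any URL reputation lookup: a Reply-To or Return-Path domain that differs from the From domain, and an HTML link whose visible text names one host while its href points to another. The two messages are constructed samples, not captured traffic, and the domain names in them are made up for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style sample; every domain here is invented.
SAMPLE_PHISH = """From: "Example Bank Security" <alerts@examplebank-verify.net>
Reply-To: collect@mailbox-free-example.org
Return-Path: <bounce@bulk-sender-example.com>
To: victim@example.com
Subject: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please sign in at
<a href="http://examplebank.verify-login-example.net/login">https://www.examplebank.com/login</a>
to confirm your details.</p>
</body></html>
"""

# Constructed benign sample for comparison.
SAMPLE_CLEAN = """From: "Alice" <alice@example.com>
To: bob@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(text):
    """Hostname of a URL-looking string, or '' if it has none."""
    if not text:
        return ""
    candidate = text if "://" in text else "http://" + text
    return (urlparse(candidate).hostname or "").lower()


def analyze_message(raw):
    """Return a list of human-readable findings; an empty list means no heuristic fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = from_addr.rpartition("@")[2].lower()

    # Sender-path headers that point somewhere other than the claimed sender.
    for hdr in ("Reply-To", "Return-Path"):
        _, other = parseaddr(str(msg.get(hdr, "")))
        other_dom = other.rpartition("@")[2].lower()
        if other_dom and other_dom != from_dom:
            findings.append(f"{hdr} domain {other_dom} differs from From domain {from_dom}")

    # Links whose visible text names a different host than the real target.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host = _host_of(href)
            text_host = _host_of(text)
            if "." in text_host and href_host and text_host != href_host:
                findings.append(f"link text shows {text_host} but points to {href_host}")

    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, analyze_message(sample) or ["no findings"])
```

These are heuristics, not a verdict: mailing lists and ticketing systems legitimately set a different Reply-To, and bulk senders routinely use a separate Return-Path domain, so in practice each finding contributes to a score alongside SPF/DKIM results and URL reputation rather than blocking on its own. The link-text check is the strongest of the three, because there is rarely an honest reason for anchor text that spells out one site while the href goes to another.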
