Windows PCs have been under siege for 20 years. There's been a clear succession, with the means, methods, and goals changing definitively over time. As with any technology, innovative thinking points the way forward. Here's a look at how ingenuity to nefarious ends has transformed Windows hacking into a multi-billion-dollar industry, and where the Windows malware trail points to the future.
Where the money goes today
Botnets formed years ago are still in operation - a fact that isn't lost on the folks who bankroll the now highly lucrative malware industry.
The professionals behind these programs don't take kindly to competition. Sobig was followed by Mydoom, another email-attachment botnet generator, and a malware war broke out between Mydoom, Netsky, Sasser (which took out thousands of companies), and Bagel, each of which attempted to clobber the other. An 18-year-old computer science student in Germany was convicted for creating Sasser and the Netsky.AC variant.
The Zlob Trojan took a new tack by disguising itself as a video codec, deemed necessary to run video files of uncertain pedigree. Zlob has seen dozens of incarnations, most of which are notorious for pimping rogue antimalware, a moneymaking pastime. Zlob has morphed over time and emerged to notoriety five years later as the Alureon rootkit.
In 2007, Storm Worm started as yet another email-attachment botnet generator, but one with a difference: Instead of operating the botnet through a single server, Storm Worm borrowed peer-to-peer technology to disperse control. More than one million Windows PCs were infected. The Storm/Waledac botnet was largely broken up in late 2008, but it woke up and started spamming again last month, according to Symantec. Waldec's handlers are gathering steam for a big Round Two.
Many other botnets have come and gone in the past few years, most of them taken down or severely attenuated by breaking lines of communication and blocking compromised servers. A few remain problematic, most notably ZeuS, a do-it-yourself botnet kit designed to pick up passwords, account numbers, and the like on infected machines, then send them to the chosen drop zone, as well as Conficker, a botnet considered dormant but not completely eradicated.
Spam-generating botnets, such as Waledac, are getting hit hard by Microsoft's lawyers. Last October, one of the largest spam botnets, Bredolab, was decimated (although not completely eliminated) by the Dutch National Crime Squad.
NEXT PAGE: Where malware is heading