20 years of innovative Windows malware

Groundbreaking Windows malware sheds light on what's to come

Windows PCs have been under siege for 20 years. There's been a clear succession, with the means, methods, and goals changing definitively over time. As with any technology, innovative thinking points the way forward. Here's a look at how ingenuity put to nefarious ends has transformed Windows hacking into a multi-billion-dollar industry, and where the Windows malware trail points for the future.

Where malware is heading

As Windows XP machines die and get replaced by Windows 7, Windows is getting more difficult to crack by orders of magnitude. Little malware players have been squeezed out of the market, and the big players, looking for new opportunities, are finding little low-hanging fruit.

Still, Windows zero-day vulnerabilities are worth a lot of money, and those who find them these days are much less likely to use them to make funny dialogue boxes with the number one.

Because of this, we can expect Windows malware to continue evolving in innovative ways. One prominent trend is the rise of attacks outside of Microsoft-land. Koobface, for example, runs on Windows, but it's used to harvest information from Facebook and MySpace, convince Facebook users to install rogue antimalware programs, and otherwise turn social networking information into lucre.

Another trend will likely revolve around industrial espionage. Whether or not you believe the Stuxnet worm was designed to break Iranian nuclear enrichment centrifuges, there's no question that a very capable team constructed a breathtaking array of zero-day Windows cracks and Siemens Step 7 code. Expect motivated organisations to blend innovative threats to get what they want.

As for malware construction kits, ZeuS looks to be only the beginning. By democratising the construction of malware, sufficiently talented kit creators can make a decent living, at much reduced risk. With kits for sale, the creators don't have to worry about disseminating the malware without getting caught, keeping drop sites working, or turning information into money. Recently, Brian Krebs reported that ZeuS and SpyEye have apparently joined forces, and the latest ZeuS source code can be purchased for a paltry $100,000. With source code in hand, you can create and sell your very own customised ZeuS construction kits. Think of it as a malware multilevel marketing scheme.

But the most prolific vector for malware innovation will likely reside in social engineering. After all, while it's getting harder to crack Windows programs, it's as easy as ever to attack the weakest link: the one between users' ears. Look for more cons, more fake 'Windows tech support' calls, and more bewildered users who will gladly give out sensitive information to anyone who claims they can help fix things.

Windows malware has changed a lot in the past 20 years. People haven't.
