What hackers do: their motivations and their malware

Whether a hacker uses a computer exploit or malware, their motivations are the same. Understanding why and how hackers hack is key to your defense.

Understanding hackers and how they attack

Whatever the threat, it arrives at your computer in one of two ways: through a human adversary or through malware. Human attackers can use any of the hundreds of thousands of known computer exploits and attack methodologies to compromise a computer or device. People are supposed to run patching routines, and many devices and software programs try their best to update themselves automatically, yet many computers and devices are left vulnerable for long periods even after patches are available, a fact that hackers love.

Unique malware programs number into the hundreds of millions, with tens of thousands of new ones created and released each day. The three main malware categories are viruses (self-replicating), worms (self-traveling), and Trojan horse programs (which require an end-user action to execute). Today’s malware, usually arriving via web page or email, is often a combination of multiple malware classes. Often the first malware program to exploit a system is just a “stub downloader” program, which gains initial access and then “phones home” to get more instructions and to download and install more sophisticated malware.

Often the stub program will download over a dozen different new malware variations, each designed to avoid antimalware detection and removal. Malware writers maintain their own malware multi-detection services, similar to Google’s legitimate VirusTotal, which are then linked to an automated updating service that modifies their malware to be undetectable by current antimalware engines. It’s this nearly instantaneous updating that causes so many “unique” malware programs to be created and distributed.

The malware writer or distributor may also be paid to infect people’s devices with completely different types of malware. It’s a renter’s market out there, and if the malware controller can make more money renting out the compromised devices than they can make alone, they will do it. Plus, it’s much less risky for the controller in the end.
