#297872 - 08/20/05 06:55 PM Re: To any FORUM MODERATOR [Re: MyMac8MyPC]
AppleOfMyFingertips Offline
Banned

Registered: 06/21/05
Posts: 533
Well, that's just silly. Their egos would be better fed if they did well in school and used their time to study and made use of themselves instead of playing around on computers.
_________________________
iBook G4 1.2 GHz / OS 10.3.9 / Airport

#297873 - 08/21/05 01:20 AM Re: To any FORUM MODERATOR [Re: AppleOfMyFingertips]
MyMac8MyPC Offline
MacJournalist

Registered: 03/04/05
Posts: 551
You're assuming that they think and reason like 'normal' people do. They like to take shortcuts in life. They want to go from being a loser to being famous (to their friends). In reality they go from being a loser, to being a bigger loser
_________________________


Computers are like air conditioners. They work until you open windows :)

#297874 - 08/22/05 09:03 PM Re: To any FORUM MODERATOR [Re: AppleOfMyFingertips]
tacit Offline
MacGuru

Registered: 10/14/99
Posts: 12002
Loc: Portland, Oregon, USA
In reply to:

I do have a question, though: Why do hackers do it? Are they so pathetic that they don't have a life, so they spend all their time developing viruses?

That used to be the case. Not any more.

Nowadays, virus writers do it for one reason: money. There's lots and lots and lots of money in it.

A large percentage of Windows viruses come from Eastern Europe, where virus writing has become a cash staple for organized crime. It might not seem like a person can make money by writing computer viruses, but in a highly networked environment, there's a lot of money to be made.

The most common way to profit from viruses is by using them to install SMTP mail servers on infected computers. Many of the most prevalent viruses, such as Klez, Mimail, Netsky, Mydoom, and so on do this. What this means is that an infected computer becomes a mail relay, and can be taken over by the virus writer and used to relay mail. The way the system works is that a computer, once infected, uses some sort of backchannel to send its IP address back to the virus writer; this backchannel may be a compromised Web site, an IRC channel, and so on. The virus writer compiles a list of infected computers, which he then sells to spammers. The spammers then use the infected computers to send spam. (So-called "Spam King" Scott Richter, one of the world's most prolific spammers, sent spam this way.) According to the anti-spam activists on the UseNet newsgroup news.admin.net-abuse.email, a list of 10,000 infected IP addresses sells to a spammer for about $8,000 US. Spam is relayed through virus-infected computers in order to get around mail filters that rely on lists of known spam senders.

The second way, which is becoming more popular, that virus writers profit from their viruses is by using armies of infected computers, called "zombies," in extortion schemes. A large number of infected computers can be taken over and used to initiate attacks on a target Web site by all making Web requests from the victim's site, thousands or tens of thousands of times per second. Many online porn and gambling Web sites have been the victims of such extortion schemes, though the schemes can spread further; in one recent court case, a man was convicted of using virus-infected computers to attack the Web sites of his business competitors. These attacks, which are called "DDoS" (Distributed Denial of Service) attacks, can be difficult to defend against; a huge number of online betting sites were hit by a DDoS extortion scheme before the last SuperBowl. A typical site will have to pay about $40,000 US to prevent the virus writers from shutting them down before a major sporting event; many site owners pay the extortion because if their sites are hit by DDoS attacks, they lose more.

A newer way that viruses make money is becoming popular in the UK and South America and is starting to affect the US: more and more viruses include "keystroke loggers," which monitor and record all the keys pressed on the keyboard. One variant of such a virus, for example, installs an Internet Explorer "BHO" (Browser Helper Object) which lies dormant until it sees certain strings, such as the word "bank," in a URL. It then activates the keystroke logger, which records all the keys pressed on that Web site and relays them via a backchannel (typically an IRC channel) to the virus writer, who then has a record of the infected victim's user ID, account number, and password on the site.

According to some of the information I've read at The Register, viruses are now believed to be the main source of money for organized crime in Eastern Europe, surpassing more traditional revenue from drugs and prostitution and the like.
_________________________
---
Photo gallery, all about me, and more: www.xeromag.com/franklin.html
RIP MacFixIt! New Mac forum: finetunedmac
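
Added example, not part of tacit's post or the original thread: because spam relayed through infected desktops bypasses sender blocklists, the network that owns those desktops can spot them from its own egress traffic, where a workstation suddenly talks SMTP to many outside mail servers. The flow-record format, address ranges, sanctioned mail server and threshold below are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
MAIL_SERVERS = {"10.0.0.5"}   # assumed: the only host allowed to send mail outbound
WINDOW = 60                   # seconds (assumed tuning value)
THRESHOLD = 5                 # distinct external SMTP peers per window (assumed)

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"{1000 + i} 10.0.0.5 198.51.100.{i} 25" for i in range(1, 9)]       # real mail server
    + [f"{1000 + 2 * i} 10.0.1.23 203.0.113.{i} 25" for i in range(1, 9)]  # relay-like desktop
    + ["1005 10.0.1.40 10.0.0.5 25",     # desktop handing mail to the internal server
       "1010 10.0.1.40 192.0.2.7 443",   # ordinary web traffic
       "1020 10.0.1.41 192.0.2.25 25",   # two isolated SMTP connections,
       "4000 10.0.1.41 192.0.2.26 25"]   # far apart in time
)

def parse(flow_text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_relays(flow_text, window=WINDOW, threshold=THRESHOLD):
    """Return {host: peak distinct external SMTP peers in any window} for suspects."""
    per_host = defaultdict(list)
    for ts, src, dst, port in parse(flow_text):
        if port != 25 or src in MAIL_SERVERS:
            continue
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            continue
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue  # submitting to an internal mail server is normal
        per_host[src].append((ts, dst))
    suspects = {}
    for host, events in per_host.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans less than `window` seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            suspects[host] = peak
    return suspects

if __name__ == "__main__":
    print(find_relays(SAMPLE_FLOWS))
```

Only the desktop fanning out to eight outside mail servers within a minute is reported; the sanctioned server, the internal submission and the two isolated connections are not.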

#297875 - 08/24/05 05:43 PM Re: To any FORUM MODERATOR [Re: tacit]
MyMac8MyPC Offline
MacJournalist

Registered: 03/04/05
Posts: 551
In reply to:

Nowadays, virus writers do it for one reason: money.



Sounds plausible, but then why don't they write them for Macs? (not that I'm complaining mind you)
_________________________


Computers are like air conditioners. They work until you open windows :)

#297876 - 08/24/05 06:08 PM Re: To any FORUM MODERATOR [Re: MyMac8MyPC]
tacit Offline
MacGuru

Registered: 10/14/99
Posts: 12002
Loc: Portland, Oregon, USA
In reply to:

Sounds plausible, but then why don't they write them for Macs?

Because architectural elements of the Mac operating system make writing viruses for Macs virtually impossible.

Many people will tell you that there are so many Windows viruses because Windows is so popular, and that if Macs were just as popular there would be just as many Mac viruses. This is not true; virus writers write viruses that exploit any vulnerability they can find, regardless of the popularity of the platform.

For example, the Witty worm, aka the "Whizzer" worm, is a complex and sophisticated virus designed to infect a computer by exploiting an obscure flaw in one particular version of one particular company's software firewall program. The total number of people in the world who used this version of this program was only about 50,000--far smaller than the number of people who buy a Mac every month (Apple is, at last count I'm aware of, shipping about 100,000 Mac Minis per month)--yet the virus writers found and exploited the flaw. (Virus writers are still writing the occasional virus for AmigaDOS, fer crissakes!)

The architecture of MacOS makes it extremely secure for a number of reasons. One of them is that MacOS was designed on top of BSD, an already highly secure variant of Unix. By way of comparison, the Windows architecture has never been secure, and design decisions made many years ago make it almost impossible to secure.

For example, both Unix and Windows systems have a feature called "RPC," which stands for Remote Procedure Call. RPC is a system that allows a computer to receive commands from another computer on a network. On the Mac, RPC is not running by default; if you wish to enable it, you must deliberately turn it on, which is not easy to do. Windows systems have RPC always running, and it cannot be turned off, because certain parts of Windows use RPC to talk to other parts of Windows even if the computer is not on a network. Because RPC is always running, a Windows computer is always listening for commands across the network; if a virus writer finds a flaw in RPC, he can use it to send commands to any Windows computer.

Another example: In Windows, the Web browser is built in to the operating system. Internet Explorer is always running; it runs as part of Windows. When you double-click the Explorer icon, you're not actually "launching" Explorer; its libraries are already loaded. Because of this, Explorer runs with full privileges; it is allowed to do anything, including read or write any file or make changes to the operating system, even if the user is logged in to a limited account that cannot do these things. If an attacker finds a security bug in Explorer, he can use it to do anything at all to a Windows computer--change the Registry, install software, change the operating system, whatever--because Explorer is considered part of the operating system. On the Mac, the Web browser is just a program, just like any other program. If the browser tries to do something the user is not permitted to, it can't. If the browser tries to change the operating system or to install a file, the user has to type in his password; if the user doesn't type an administrator password, the browser is stopped from doing it. Security flaws in a Mac browser do not give up control of the system.

On a Mac, the operating system makes a clear distinction between "user space" and "system space." A computer program that the user runs is not allowed to interfere with or change the memory allocated to a part of the system. If a computer program running in user space tries to change or access memory that is allocated to the system, the system shuts that program down. On Windows, any program can access or change memory that the system is using, meaning any program can, if the programmer is clever enough, make changes to the system.

On the Mac, the user may not change parts of the operating system without entering an administrator password. This means any computer program the user runs cannot change the system without the user typing a password. On Windows, if the user runs a program, the program can make changes to the system without a password.

On the Mac, programs are not permitted to access system events, like mouse clicks or buttons, that belong to other programs. On Windows, one computer program can "spoof" events in another program; that means, for example, that program A can make program B believe "the user just clicked this button," "the user just typed this," and so on. (One Windows virus dropper downloads and installs viruses this way; it makes Explorer believe "the user just asked to download this file," "the user just clicked the OK button," and so forth.)

It's not that there are not many Macs, and it's not that there are not many people trying to write Mac viruses. It's that the very design of MacOS makes writing viruses really, really, really difficult. There are many skilled and dedicated programmers trying quite hard to create the first OS X virus; so far, they have not succeeded, because the system architecture is very secure.


(Edited to fix link.)


Edited by cyn (08/25/05 05:07 PM)
_________________________
---
Photo gallery, all about me, and more: www.xeromag.com/franklin.html
RIP MacFixIt! New Mac forum: finetunedmac

#297877 - 08/24/05 06:13 PM Re: Anti virus software [Re: simonn]
robinhoodless Offline
New User

Registered: 08/24/05
Posts: 23
i'm a reeeeal newbie to mac and one of the reasons for it was because there aren't a lot of viruses out there for macs. but since i moved to the light side, one of the most common things talked about is viruses. some c0ck out there is going to read all this stuff and say to himself, right you smug buggers, and he's going to spread the word and get every hacker, virus writer and any other tosser he knows to dream up the biggest, baddest touch of flu that mac has ever had to deal with. let's just not talk about it/worry about it/think about it. let's just be cool about it and keep our thoughts to ourselves. silence is golden, let's keep it that way
_________________________
g4 17" powerbook osx 10.4.2 netgear wireless hub sometimes it juss don't pay to get outta bed......

#297878 - 08/25/05 09:58 AM Re: Anti virus software [Re: robinhoodless]
alternaut Moderator Offline
Moderator

Registered: 02/24/02
Posts: 9241
In reply to:

...some c0ck out there is going to read all this stuff and say to himself, right you smug buggers...


They've been at it for years, with the result you can see around you: nil, nada, zip. Still, the fact that virus writing for the Mac is difficult won't stop it forever, but it'll be a while. Remember, most virus writers aren't exactly hindered by heaps of relevant knowledge, and use mostly existing code to play with and modify. It's way beyond their capabilities, interest and patience to come up with everything themselves. The net conclusion must be that those hackers that are capable of at least realistically contemplating a Mac attack haven't yet followed through.
_________________________
The MacFixIt Forums will be read-only starting August 4, 2009
Hopefully you'll find your answer elsewhere after that time.

alternaut, cyn, Dianne, DKMarsh, joemikeb, MacManiac MacFixIt Forums Moderators


#297879 - 08/26/05 08:58 AM Re: To any FORUM MODERATOR [Re: MyMac8MyPC]
AppleOfMyFingertips Offline
Banned

Registered: 06/21/05
Posts: 533
My thoughts exactly!
_________________________
iBook G4 1.2 GHz / OS 10.3.9 / Airport

#297880 - 08/26/05 09:01 AM Re: To any FORUM MODERATOR [Re: tacit]
AppleOfMyFingertips Offline
Banned

Registered: 06/21/05
Posts: 533
Hmmmm. This fellow seems to know an awful lot about hacking and viruses. You stay away from my Mac!
_________________________
iBook G4 1.2 GHz / OS 10.3.9 / Airport

#297881 - 08/26/05 09:09 AM Re: To any FORUM MODERATOR [Re: tacit]
AppleOfMyFingertips Offline
Banned

Registered: 06/21/05
Posts: 533
Tacit, you have NO idea how much you've just made my day! I have copied and pasted your post and e-mailed it to a few of my PC/Windows friends, who argue the very point that you've refuted and backed up with strong, supportive statements. They always say that there are no Mac viruses because the really skilled hackers aren't interested in infecting Macs, because there aren't that many Macs around. BULL. And I thank you for that informative, intelligent, accurate post.

In fact, I vote to make your post a permanent post in the Stickies section. Consider it, Mods.

Thanks again, Tacit, for an extremely well-written post.
_________________________
iBook G4 1.2 GHz / OS 10.3.9 / Airport
