Moving from Fame to Fortune

What changed everything was when the hackers, miscreants and ne'er-do-wells moved from fame to fortune. Once these guys figured out you could make money, malware became crimeware and nobody writes malware for bragging rights anymore. It’s for the moola.

So it’s been hard to explain Conficker/Downadup. It’s been plenty famous. But it wasn’t doing anything to make money. That changed shortly after the E variant came out. (If you can’t keep the varinants straight, don’t feel bad. Most people can’t. Want to see a terrific visual explanation? Check out the video Ben Narhorney put together to explain it all. You can see it on the Symantec Security Response YouTube channel. There are other great videos there too.

So how did Conficker move to fortune? Well it wasn’t by changing its own behavior. It was much more simple than that. It downloaded another well know piece of malware; Waledac. W32.Waledac can steal information from a machine, send spam from the machine and download additional files. And download additional files it did. The most popular way bad guys are making money on the internet right now is misleading application. And sure enough, on Conficker infected machines up pops a misleading application called Spyware Protect 2009.

Undoubtedly this is not the last use for these machines for fortune we’ll see. My prediction is that once they’ve drained as many dollars as they can out of the owners of these machines they'll start using them to drain money from non-infected machines. Most likely via spam. When we start seeing this happen we’ll let you know.