What is the purpose of malware?

I've seen all sorts of speculation on why malware is created and distributed, but is there any hard evidence of what exactly it does and why? Please point me to any online resources.


As usual, follow the money...

There are many incentives to create malware, but almost any malware you'll see today is intended to gain illegal profit.

The classic way of doing that is making your computer send lots and lots of spam. If the malware creator has a large number of computers that do that, the spam is very hard to recognize as such, because it is not originated from a single source. This network of spam computers is often reffered to as BotNet.

EDIT: You can find many references at the bottom of the Wikipedia article linked above.


Different malware is distributed for different purposes.

Some Botnets are used for stealing passwords and credit card information.

Some Botnets are used to make Distributed Denial of Service attacks. Sometimes that's used to get websites to pay ransom money to avoid becoming shut down.

Some Botnets are used as infrastucture for illegal activity like child pornography.

Some Botnets get used to send out spam.

Sometimes the Botnets also get simply rented out and the person who rents it can do whatever he wants with it.


No better place to go then Wikipedia here

Specifically the references sections as well as the see also section.


Graham Cluley's blog is very good and very informative:
http://www.sophos.com/blogs/gc/g/category/clu-blog/, as is the SophosLabs blog.