I bring this up because this is the first part in a series of articles about malware. Malware, no matter what you call it - scareware, malware, adware, viruses... whatever - is malicious software built for the purpose of extracting money from you somehow. Here's the crazy thing about malware... once you get over the fact that it's evil, you can't help but be quite impressed with the features.
First off... the programs some of these coders crank out rival anything Redmond, or just about any other shop, puts out. I've recently run across a piece of software, called a packer, which at a mere 52kb (with GUI) could fundamentally make any nasty piece of code absolutely undetectable. This isn't some command-line tool either; it is a fully-featured, GUI-driven encryption/obfuscation utility with an absolute cornucopia of features. I am impressed.
It seems that while your average developer has lost the ability to make code efficient and small... the guys and girls writing the nasties out there are getting better and better at it. Why, you ask? Let's look at the reasons we'll cover in much greater detail in the upcoming series of posts...
- Stealth - If you're distributing malware, you don't want to get caught. The object of infection is to hold the machine once it's infected... and keep making money for the infector. A big part of this plan is being stealthy enough that the code you've dropped onto the host machine is not detected... this involves encryption, obfuscation and other interesting methods to be discussed later.
- Speed - Bloated code runs slowly. Slow-running code takes longer to execute on the host, whether we're talking CPU cycles or memory footprint... and this increases the chance that the [hopefully] resident anti-malware engine catches it. This is bad, obviously, so speed optimization is important.
- Efficiency - Efficient code seeks to minimize externalities, such as DLLs, libraries, config files, etc... again, decreasing the likelihood of being detected. Malware detection engines often rely on heuristics that watch processes and their behaviors... if you start tripping too many of those externalities, you're more likely to get caught.