Malware is a business. Yes, there are malware authors out there who are just mucking about and doing it for the “lulz”, but today’s operating systems are sophisticated, and coming up with the code to infect a computer is difficult and time-consuming.
When writing code moves from “easy and fun” to “difficult and time-consuming”, the writing of that code tends to become more professionalized. Much of the most sophisticated and effective malware is written by coders who are as good as, if not better than, the coders working at many Silicon Valley startups.
In recent years we’ve seen malware infections turn computers into nodes in botnets. These vast collections of nodes are controlled centrally and have generally been used either to launch distributed denial of service attacks or as relay locations for vast amounts of unsolicited commercial e-mail.
The most sophisticated malware, like sophisticated software, is auto-updating. This allows the people who control the malware to update it and to change its functionality. Some strains of malware are extremely modular. Traditionally we’ve called malware “viruses” because of the way that they spread, but it is also reasonable to suggest that, like viruses, malware can evolve (well, not by itself, at least not outside the pages of a technothriller).
Bitcoin mining is one likely payload for sophisticated malware. A game-making company was recently fined for the deliberate placement of a Bitcoin mining program in a game they distributed. As people were playing the game, the Bitcoin miner was working in the background generating Bitcoins. With Bitcoin mining, the greater the number of nodes you have mining Bitcoins, the more likely you are to generate a Bitcoin. If you’ve infected tens of thousands of computers with malware that you can update, it doesn’t take too much imagination to deploy software to those infected computers so that they start mining Bitcoins.
Bitcoin mining clients may represent the simplest way to monetize malware. Don’t be surprised if we see an increase in the prevalence of malware with this functionality.