Is malware always bad?

I just came across an interesting article in IT Management which called the Happy New Year malware a “hoax” since it is not as malicious as people originally thought. It “only” spams the infected users’ contacts with a stock manipulation scam.

Which brings me to the question - does malware have to do something bad in order to live up to the “mal” in its name? Truthfully, much of the malware today seems so benign that most end-users do not even realize they’ve been hit. This is the reason that even though most anti-virus engines are typically hours or days behind most virus outbreaks, there has not yet been a huge outcry saying “save us, our AVs are not working!”

Most malware today surreptitiously installs itself on the unlucky computer and turns it into a spam zombie (as in the case of Happy New Year), or quietly harvests passwords, or even uses your home PC to host pictures for its distributed pornography site. Do these hurt the specific user who got infected? Not really, since they are usually unaware of their computer’s spam attacks, or the hidden directories on their PCs filled with naughty pics (unless it’s a password harvester and they get their bank account cleaned out - that would be pretty bad). But even those parasitic malwares that don’t kill their host are hurting countless other people who are on the receiving end of the spam it sends, or who may be hurt by abusive pictures. Infected computers become part of a huge virtual underworld that traffics in spam bots, hosts illegal content, sells personal information, and yes, engages in idiotic stock pump ‘n’ dump scams. Also, even a seemingly harmless outbreak may be a practice run for something much nastier to come.

The way I look at it, if you open up an email message and execute code you didn’t realize you were executing, this is malware, even if the trick it plays on you doesn’t seem so terrible or isn’t even immediately apparent. Malware is any program that installs itself without permission. Remember permission marketing? and permission emailing? well, this is permission executables.