Is there any opinion of yours?

1. Yes and yes
2. Huh? Yes, only humans write these virus, though there are trojan creation kits that do magic stuff, these were created by man and are controlled by man.
3. HUH? Seriously?
4. Anything you can think of is possible, especially if you like conspiracy theories. Possible does not mean they are doing this.
5. See 4.

Conspiracy theories... I laugh at them 😉

Man does strange things to this world... 😁

Google cyberwarfare. 🤐
The biggest threats aren't some yoho hackers living in their mom's basement anymore. The biggest threats are from organised groups (corporations or nations secret services even) who shower us with their spyware gaining info about everything and when the time is right they will cause cybercalamities on a global scale. You can forget about protection on those for the most part.

That all antivirussoftware companies deliberately making virusses or feeding the virusmakers doesn't make much sense unless the have organised themselves in a cartel. Otherwise they will go on creating virusses that they can block but the competition can't and that in itself is a double edged sword. Especially when there is the risk that the conspiracy will be exposed and that is a really quick way to kill your own company. Still it is not entirely implausible, but if it happens I think it will be incidental, one or two companies at most.

1.- Yes, some people create virus for fun (or to check exploits), and yes, some people make virus for hacking computers and get passwords, money of destroy data for fun.

2.- I don't know if you ask if there is AIs outside making viruses, or if virus are created by only one person. There are no known AIs making viruses, but in the past there were some programs (like VCL) that joined routines (what to infect, when to infect, what payload) to make "new" viruses automatically. Also viruses may be created by one people or more, like any other software.

3.- Maybe. In the past there were viruses that not worked as intended, so they spread more quickly or didn't activate the payload. In some famous worm, it causes spreading out of control, and collapsing entire networks. In other cases, some viruses can obfuscate, vary and cypher their own routines so anti virus analysis is harder. Keep in mind that those things are more like "camouflaging", they don't "mutate" as in nature where a mutation can lead to growing a third leg and those things. In computers, the only way to get a "mutation" would be related to hardware failure (corrupt disks, corrupt memory or corrupt communications).

4.- Yes, but they don't need to. There are too many people making malware, so they could get enough bussiness doing nothing, just keeping some viruses undetected by their own software.

5.- Too much work for them. It's way more effective for them going to watch TV while other people make viruses for fun or their own profit.

Thanks guys. Reading many opinions helps me to think in a broader sense, and helps lateral thinking too. Now I see the "Oh, that's why" and "hmmm...that's very true" and also "hmmm...I didn't think of THAT possibility" scenarios. Thumb's Up! 😀

Regarding #3...perhaps.

There have been a few cases where virii with new functionality has "evolved" in the wild due to multiple virii/worms effecting the same files. For instance virii that normally spread via floppy disk may combine with a worm that spreads over a network, creating a hybrid virus capable of spreading via either mechanism.

#1: Both. Some do it for profit, some for political ends (see STUXNET and Iranian nuclear fuel refinement centrifuges: http://en.wikipedia.org/wiki/Stuxnet), and some for fun. Do not underestimate the creativity of bored hackers*.

#2 is a grey area. It's certainly possible to have a machine auto-generate exploit code. In principle, you should be able to supply a sufficiently advanced analytic program with the source code for something and have it look for things like potential buffer overflows, unsanitised SQL in web scripts, etc. and generate an exploit. In practice, I don't know if it's ever been done.

On the other hand, you have things like the metasploit framework, which lets you combine code fragments from known exploits with payloads to achieve your desired result on the target system, then deliver it with configurable encodings and transports. The exploit code and payloads are still man-made, but the end result can be a custom-built attack targeted at a specific host.

Re: #3, I think this is about as close as you're going to get: http://en.wikipedia.org/wiki/Sony_BMG_copy_pr … rootkit_scandal

That said, in the world of infosec, it's not uncommon to find common programmer errors like buffer overflows that, once discovered, allow a remote attacker to execute arbitrary code on your system (which usually leads to rootkits, data theft, or both).

#4 and #5: Well, sure it's possible, in the sense that it's certainly not impossible. But more realistically, the internet (and the infosec world in general) is a hostile enough place already that doing so likely would not be worth the risk of getting caught. The payoffs would be pretty meager, since there's still an incentive (often financial) for malicious software authors to go about their business without the urging of AV companies - botnets, spam networks, credit card theft, online game account theft (stealing a WoW account is worth more than a CC, on average) and so forth.

And that's not even considering that a huge number of exploitable bugs are discovered by programmers, researchers and other altruistic 'white hats' whose goal is to improve the overall software security landscape by submitting (and often, ultimately publishing if software companies don't fix them) said bugs.

* I mean hackers in the traditional sense (http://catb.org/jargon/html/meaning-of-hack.html), not the more modern "cracker" sense.

I've often pondered this myself, and I wouldn't be surprised if it were true. 🤣

1. Like anything else, people do things because they can.
2. Yes (we hope), otherwise Skynet is active... and that is tinfoil hat action 😁
3. See #2
4. Wouldn't surprise me at all, business is business, and business is war.
5. Some organizations do go after malware creators quite heavily, Microsoft for one. My question is, why hasn't Sony been ordered to pay billions of dollars to all those effected by their rootkit technology which opened up a HUGE can worms in the malware world... Above the law I suppose... This is an example of shady business practice ,instead of informing Microsoft of this SERIOUS security flaw in Windows OS's. Malware often employs techniques created by DRM solutions, and vice versa, it's a shady area at best. I would be more concerned with this type of ethics employed by companies rather than back-door business deals to protect their interests... or is it the same thing entirely with a different public perception due to IP and Copyright? HRM...

One thing to keep in mind - there is *so* much malware out there already, that even if every virus writer ever disappeared overnight, we'd (that is, AV companies) would continue to have almost endless support work to clean up the infected machines. We don't need malware authors, we don't *want* malware authors. If it weren't for them, we would be happily employed doing other things. I'd be a far more active contributor to DOSBox, for example. :-)

Peter: Yeah it's too bad, I know of your skills from elsewhere. You would make some fine contributions!