http://redtape.msnbc.com/
http://redtape.msnbc.com/2007/03/bots_story.html
Bob Sulivan / MSNBC.com
Your home computer may be committing a crime at this very moment. It might be sending out spam.
It might be buying stock as part of a pump-and-dump scheme. Or it might be helping attack the
Internet itself, silently and invisibly, as you read this story. And the odds your computer is
a criminal are quickly rising.
The Web, some say, has been turned into an operating system for criminals. Computer viruses
that hijack PCs and turn them into electronic robots, or "bots," have become the killer app.
The operation of networks of hijacked computers is so lucrative that hackers are actually
fighting electronic wars over them, a story we will explore next week in part two of this
series.
New hacker techniques make these virus attacks so subtle that there is no way you would know
your computer is a criminal. And there is a growing sense among security experts that hackers
have gained the upper hand in what was once a neck-and-neck arms race.
Bots can squirm their way onto home computers in myriad ways: a virus-laden e-mail or a
booby-trapped Web site are the most common. But some viruses can attack your computer in the
background, silently worming their way through networks via unprotected ports and porous
firewalls, using vulnerabilities that software companies don't know about.
Earlier this year, Internet founding father Vint Cerf dramatically suggested that 150 million
computers worldwide may have been hijacked by criminals. Most experts think that his estimate
is high, but they still count infected computers in the millions, or tens of millions. And
there is general consensus that the Internet is under assault from virus writers like never
before.
Listen carefully to the words of those who are trying to help us keep our computers safe from
Net criminals and you'll get a creeping sense that the boat is leaking faster than they can
bail out the water. There were two-and-a-half times as many viruses released in 2006 as in
2005, and the growth rate has continued through the first quarter of 2007, said Eugene
Kaspersky, chief researcher for Kaspersky Labs.
Antivirus firms "may not be able to withstand the onslaught," he said at a recent computer
security conference. "This is a competition where the antivirus companies, I fear, are not in a
good position."
Another antivirus executive put it more bluntly in a private conversation. "I think we've
failed," said the official, speaking on condition of anonymity. Computer security firms often
use hyperbole to help get attention for their products, but expressing helplessness is
something new.
Serious crimes for serious money
The security firms' helplessness means more home computers than ever are being hijacked by
organized criminals. Those who control the computers, known as "bot herders," have little
interest in the kinds of pranks that hackers typically played with their viruses five or 10
years ago. They commit serious crimes for serious money.
How serious? Earlier this year, a bot army sent a torrent of Internet traffic at two of the
Web's 13 critical domain name servers, directing the equivalent of millions of e-mails at them
within a few minutes. The mysterious onslaught would have rendered the Web useless if it had
succeeded in taking the domain name servers down, but after a few hours it stopped as quickly
as it started.
continued.....
http://redtape.msnbc.com/2007/03/bots_story.html