APPROPRIATE TECHNOLOGY, INC.
Microcomputer Systems Consulting & Design


A few thoughts on the meaning (and importance) of “Security”

Especially in the context of the Home and Small Office User

If you have used a computer and the Internet for more than a few weeks, you have surely seen and heard many references to the concept of “Computer Security”.  And if you're one of our clients, you have almost as surely heard me rail on the subject to the point of your eyes glazing over.  You may think the issue is being over-emphasized.  It is not.  You may think something along the lines of, “But I don’t keep any really sensitive data like bank records or credit card numbers on my system(s), so I don’t have to worry about security.”  Nothing could be further from the truth.

From the perspective of a would-be “hacker” (in the less correct, but more commonly understood, pejorative sense of that term), it is not your data which is attractive.  Rather, it is the system itself — or more precisely, the use of your system — which is the prize, especially if it is connected to the Internet via a “consumer broadband” service, such as DSL or so-called “cable modem”.  By far, the most common current source of Trojans, worms, viruses, and spyware is the several professional “spam gangs” which infest the Internet[1].  These are large-scale, well-organized multi-national criminal enterprises, with resources and operations world-wide (although most of the “bosses” are based in either the United States or the former Soviet Union) — they are literally the modern-day “Mob”.  The spamming itself is used as an enabling “jumping off point” for other crimes such as credit-card fraud, identity theft, illicit drug sales, child pornography, and all manner of scams and schemes.  And so far at least, the appropriate law enforcement agencies have been dismally ineffective at even slightly curtailing these illicit activities.

A key part of the modus operandi of these spam gangs is to plant (or cause to be planted) special-purpose “Trojan Horse” programs on as many otherwise innocent users’ systems as possible, so that these systems may then be easily hijacked to form part of what has become known as a “’bot net”[2] — a sort of underground network of compromised systems through which the spammers can not only send spam, but also host illicit websites and DNS servers, and launch attacks (including to plant still more trojans) against still more systems — and usually all done without the knowledge of the hijacked system’s owner/user.  In fact, the growing ubiquity of very powerful personal computers makes it even easier for the spammers/hijackers to hide their tracks, as the performance degradation induced by the malware can more easily go unnoticed on such very high-performance systems.  The most common methods used by these spammers/hackers to infect the target systems are two-fold: e-mail-borne worms/trojans/viruses, and so-called “drive-by downloads” from rogue and/or already hijacked websites.  Correspondingly, the “payload” of most of the major viruses identified over the past few years has been a program whose sole purpose is to surreptitiously turn your system into part of their “zombie army.”

It has been repeatedly estimated by the various reputable organizations which track this sort of thing that somewhere between 75% and 90% of the e-mail traffic on the Internet is spam[3], and our firewall and server logs provide convincing evidence that this estimate is very conservative.  Notably, the single largest portion of that illicit traffic is being injected via compromised “zombie” PCs hung off consumer broadband connections, largely in the USA[4] — in other words, from computers just like yours.  Furthermore, that figure keeps growing, year after year, to the point that it is now threatening to undermine the ability of the ‘net to cope with it and continue providing useful functionality.  In other words, this is a very serious problem, and one which everyone who uses the ‘net must be cognizant of if there is to be any chance of a solution.  Hence, it is the responsibility of everyone who connects (even indirectly) to the Internet — yes, this means YOU — to ensure that their systems are adequately protected against such attacks and illicit use.



Footnotes:

[1]  See the SpamHaus.Org ROKSO list for comprehensive background information on many of these "spam gangs".

[2]  Also known as "botnet"; see definition and technical explanation here and here, and some background information here.

[3]  For example, this February, 2005 article from SpamHaus.Org pegged then-current spam levels at "75% of all email traffic arriving at most ISPs mail servers," and predicted that "by mid-2006 spam could reach 95% of all email traffic and we would at that stage see visible signs of the beginning of a slow meltdown of email delivery systems caused by overloaded email queues and stressed spam filters."

[4]  See these charts at TQM3 for confirmation and further background information.


