By JOHN MARKOFF The New York Times
In their persistent quest to breach the Internet's defenses, the bad guys are honing their weapons and increasing their firepower.
With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.
These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft.
Security researchers have been concerned about botnets for some time because they automate and amplify the effects of viruses and other malicious programs.
What is new is the vastly escalating scale of the problem - and the precision with which some of the programs can scan computers for specific information, like corporate and personal data, to drain money from online bank accounts and stock brokerages.
Tips for Protecting the Home Computer
Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows' ubiquity makes it fertile ground for network-based attacks.
Using a non-Windows-based PC may be one defense against these programs, known as malware; also, anti-malware programs and antivirus utilities for the PC are available from several vendors.
Microsoft entered the computer-security business last year and now offers a free malware-removal tool for download from its Web site. The company says the program removes about two million pieces of malware each month, of which 200,000, or about 10 percent, are botnet infections.
Like Windows, Microsoft's Internet Explorer browser is also a large, convenient target for code-writing vandals. Alternative browsers, like Firefox and Opera, may insulate users. Microsoft's most recent browser release, Internet Explorer 7, is said to offer significantly improved defenses.
Adding software to your browser like Noscript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC.
Security experts also offer these tips:
Don't share your computer (on which you pay your bills) with your children (who download games).
Use a firewall program that warns you about outgoing connections that botnets make to communicate with control software.
Don't use the same password on more than one financial site.
Don't let your browser store your password for such sites.
Don't buy anything offered by a spammer.
Don't click if someone offers you something too good to be true. It is.
Copyright 2007 The New York Times Company