A botnet is a collection of infected computers under the control of one or more attackers. These botnets are used for a variety of criminal purposes – all of which pose serious risk to the infected user as well as to the entire Internet community.
Once your computer is under the control of a botnet, it may be used to spam others, host phishing sites and other illicit files, infect or attack others, or have adware and spyware foisted on it so the attackers can collect from various affiliate advertising programs.
Even worse, many of today’s threats include keylogging capabilities. Of special interest to the attackers are your personal financial details – once stolen they are used for everything from credit card fraud to outright identity theft. In short, it’s not just your computer at risk – it’s your wallet.
The Botnet Population is Huge
According to a study by McAfee, "at least 12 million computers around the world (are) compromised by botnets." That means the botnet operators are controlling a population rougly the size of Guatemala. In fact, the number of infected systems would place it at about 70 out of 230 sovereign states and territories. More than Greece, bigger than Hungary, Belgium, Portugal or Cuba, and just a million behind Zimbabwe and Ecuador. The Czech Republic, Bolivia, Sweden, and the Dominican Republic would all be smaller.
While broadband users are favorite targets, dial-up users are equally vulnerable. Various studies have demonstrated that an unpatched, unprotected system can be compromised in as little as 5 minutes online. And if you're thinking it can't happen to you, think again.
It's All About the Money
Viruses, worms, and Trojans have evolved far beyond the childish pranks of yesteryear. Today's attackers are serious criminals - in it for the money - and your system spells international currency. Botnet operators get somewhere between 15 to 40 cents per infected computer, which means they need thousands of infected computers to make serious cash. And with all the focus on money, and not on notoriety, you can bet they'll make every effort to stay under your radar and get onto your system.
To ensure the greatest chance of survival, malware authors routinely submit their creations to online scanners. They repeat this process over and over again, until they've successfully created a virus, worm, or Trojan that the scanner won't detect. And that's the one they'll use to attack your system.
This means the vast majority of new viruses, worms, Trojans and other malicious software may not be detected by most antivirus or antispyware scanners until after (a) it's been discovered and (b) you've applied the necessary updates. But the malware authors have a trick for this, too. They also craft their malicious code to cripple the scanners such that the necessary updates may never take place.
Become Actively Engaged in Your Own Security
This isn't to say that antivirus isn't needed. Antivirus software is a must - and on a properly managed system, it's invaluable. But it's not a panacea and if it's your only line of defense, chances are it will be breached. Security isn't a passive endeavor and to stay secure you must become actively engaged in your own protection. Here's how.