Ah, the early days of home computing! Back in the 80’s, and for much of the 90’s, few home computer users gave much thought to Internet security. We weren’t worried about electronic vandals or criminals damaging our machines, and the only medicine for viruses came from the family doctor.
The world we now live in is dramatically different, and Internet security has become the responsibility of the end user. What used to be like a walk in the park is now more like a midnight stroll down a dark alley. In the same way that the police won’t check to make sure your car is locked, no one but you can make sure that the bad guys are locked out of your computer.
Upwards of 100 new computer viruses, worms and trojans are released “into the wild” every day, with the first quarter of 2005 showing a 300% increase over the same period last year. 88% of computers have some kind of spyware installed, with an average of 25 spyware instances per machine. As of March 2005, less than 25% of corporate computers in North America had been upgraded to Microsoft Windows XP Service Pack 2, despite Microsoft’s aggressive promotion of Service Pack 2’s new security features.
Internet fraud schemes have also experienced amazing growth, using spam “phishing” emails, fake web sites, and the new darling of the bad guys, instant messaging (IM). In December 2004, 60% of all e-mail traffic was spam, with 33 million phishing emails per week. 13,141 unique types of phishing e-mails were reported during February 2005. Last quarter, IM networks saw a 400% increase in fake instant messages, or “spim” attacks, with the largest burden falling on America Online. Phishers stole $500 million in 2004. One survey shows that 70% of Internet users have visited a bogus website, with private data being given up by 15%. Identity theft cost the U.S. economy $52.6 billion in 2004, with 11.6% of ID theft cases occurring online.
The boldest crimes come from online extortioners. The new PGPcoder virus infects a computer, and then encrypts the contents of the machine’s hard drive, rendering the computer unusable by its owner. It then leaves behind a text message instructing the owner how to pay $200 to have the machine returned to a usable state. Using what’s known as a distributed Denial of Service (DDoS) attack, organized crime groups are using thousands of virus-infected “zombie” computers to extort huge sums from large companies. If the companies don’t pay, the zombies all begin downloading pages and files from the company’s website at the same time. This eventually overloads the company’s network computers, and causes a “denial of service” to the company and its customers. Given the international nature of these attacks, and knowing that law enforcement has a slim chance of catching the perpetrators, most companies pay.
Sadly, the new computers that come off the shelves at your local retailer are not ready to safely face the Internet for an extended period of time. Next episode, we’ll look at ways the home user or small business owner can lock the door against the bad guys.