Is your computer a criminal?
Posted: Tuesday, March 27 at 04:00 am CT by Bob Sullivan

PART 1 OF A 3-PART SERIES
Your home computer may be committing a crime at this very moment. It might be sending out spam. It might be buying stock as part of a pump-and-dump scheme. Or it might be helping attack the Internet itself, silently and invisibly, as you read this story. And the odds your computer is a criminal are quickly rising.
The Web, some say, has been turned into an operating system for criminals. Computer viruses that hijack PCs and turn them into electronic robots, or “bots,” have become the killer app. The operation of networks of hijacked computers is so lucrative that hackers are actually fighting electronic wars over them, a story we will explore next week in part two of this series.
New hacker techniques make these virus attacks so subtle that there is no way you would know your computer is a criminal. And there is a growing sense among security experts that hackers have gained the upper hand in what was once a neck-and-neck arms race.
Bots can squirm their way onto home computers in myriad ways: a virus-laden e-mail or a booby-trapped Web site are the most common. But some viruses can attack your computer in the background, silently worming their way through networks via unprotected ports and porous firewalls, using vulnerabilities that software companies don't know about.
Earlier this year, Internet founding father Vint Cerf dramatically suggested that 150 million computers worldwide may have been hijacked by criminals. Most experts think that his estimate is high, but they still count infected computers in the millions, or tens of millions. And there is general consensus that the Internet is under assault from virus writers like never before.
Listen carefully to the words of those who are trying to help us keep our computers safe from Net criminals and you’ll get a creeping sense that the boat is leaking faster than they can bail out the water. There were two-and-a-half times as many viruses released in 2006 as in 2005, and the growth rate has continued through the first quarter of 2007, said Eugene Kaspersky, chief researcher for Kaspersky Labs.
Antivirus firms "may not be able to withstand the onslaught," he said at a recent computer security conference. "This is a competition where the antivirus companies, I fear, are not in a good position."
Another antivirus executive put it more bluntly in a private conversation. “I think we’ve failed,” said the official, speaking on condition of anonymity. Computer security firms often use hyperbole to help get attention for their products, but expressing helplessness is something new.
Serious crimes for serious money
The security firms’ helplessness means more home computers than ever are being hijacked by organized criminals. Those who control the computers, known as “bot herders,” have little interest in the kinds of pranks that hackers typically played with their viruses five or 10 years ago. They commit serious crimes for serious money.
How serious? Earlier this year, a bot army sent a torrent of Internet traffic at two of the Web's 13 critical domain name servers, directing the equivalent of millions of e-mails at them within a few minutes. The mysterious onslaught would have rendered the Web useless if it had succeeded in taking the domain name servers down, but after a few hours it stopped as quickly as it started.
Why would an attacker perform such a show of strength? It might have been a marketing ploy.
The Internet Corporation for Assigned Names and Numbers, or ICANN, which helps run the domain name servers, speculated in a recent report that the attack was the work of a bot herder trying to close a sale by demonstrating the size and power of his army of hijacked computers.
These bot armies – often between 50,000 and 70,000 PCs strong -- are leased out for around $5,000 a day to spammers, said Howard Schmidt, former White House cyberczar. An attacker who might want to threaten a bank with denial of service and demand an extortion payment would probably have to pay more.
“These things are insidious,” he said.
And sometimes they are overwhelming. Ben Mayrides, a security guru for America Online, says the firm regularly sees bot armies – or “botnets” -- of 200,000 infected computers. In 2005, Dutch authorities announced they had arrested three youths who controlled a botnet of 1.5 million computers that they assembled using a single Trojan horse program.
Big money is stock scams
Individual bots operate in complete silence, but we all see their handiwork. At this point, almost every spam e-mail is sent from a hijacked computer, according to Uriel Maimon, a researcher at security firm RSA. That means every time you receive a spam, a hijacked computer is at the other end. For evidence of a bot epidemic, researchers point to the recent resurgence of spam, which has doubled in the past 12 months.
Forget Viagra sales: Spammers have largely graduated to manipulating stock markets. Most spam is image spam now, designed to pump up stock prices in thinly traded companies so someone can make a quick profit. In a recent e-mail apparently written by a stock spammer and examined by MSNBC.com, the author brags he can more than double a stock price within two to three weeks.
“We can increase the cost of your share and we can increase average day trading,” the e-mail says. “We can increase price up to 200-260 percent in 2-3 weeks and also increase range by 10 times each trading day. … Our payment for that is 10 percent.”
With increasing sophistication and deliberation, computer hackers are getting the most out of hacked computers, too. The computer crime du jour is a simple but effective stock pump-and-dump scheme that goes like this: Hackers buy a stock, then use hijacked computers and stolen brokerage accounts to buy the stock at inflated prices using other people's money. When the hackers sell their original shares, they make a killing.
In March, three Indian nationals were sued by the SEC for allegedly pocketing $121,000 after manipulating stocks and options on 14 firms, including Google and Sun Microsystems. The group managed to spend nearly $2 million in other people's money, the U.S. Securities and Exchange Commission said. One victim had $180,000 in his brokerage account, left for a vacation, and returned to find his account had a negative $200,000 balance.
The SEC is aggressively pursuing stock spam criminals, said John Reed Stark, head of Internet enforcement for the agency. But the dangerous combination of hijacked computers and global securities trading offers riches far beyond the legitimate dreams of computer experts in developing economies. As a result, cybercrime has become wonderfully profitable, and fantastically popular.
How do you count the bots?
No one knows how many infected bots there are, but there is little argument that millions of computers have been herded. If your computer isn’t infected, security experts say, certainly someone on your block is part of a bot army.
No government agency counts bots; even law enforcement officials rely on private industry for estimates. Here are a few:
MessageLabs, a company that counts spam, recently stopped counting bot-infected computers because it literally could not keep up. It says it quit when the figure passed about 10 million a year ago.
Symantec Corp. recently said it counted 6.7 million active bots during an Internet scan. Since all bots are not active at any given time, the number of infected computers is likely much higher.
And Dave Dagon, who recently left Georgia Tech University to start a bot-fighting company named Damballa, pegs the number at closer to 30 million. The firm uses a “capture, mark, and release” strategy borrowed from environmental science to study the movement of bot armies and estimate their size.
“It’s like asking how many people are on the planet, you are wrong the second you give the answer. … But the number is in the tens of millions,” Dagon said. “Had you told me five years ago that organized crime would control 1 out of every 10 home machines on the Internet, I would not have believed that. And yet we are in an era where this is something that is happening.”
That means the Internet is becoming a very rough neighborhood. So rough that many of those who fight computer crime think, in some ways, they are fighting to save cyberspace.
“This is not just a battle between manufacturers of security software and some Internet criminals. It is a war between good and evil,” F-Secure researcher Mikko Hypponen said at a recent European security conference.
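The “capture, mark, and release” counting idea mentioned above can be worked through with the standard Chapman mark-recapture estimator. The following is an added example, not code from the article or from Damballa; the host IDs, IP addresses and window sizes are constructed, and the existence of a stable per-host identifier is an assumption. It also shows why the choice of identifier matters: when infected hosts change IP address between observation windows, counting by IP loses recaptures and inflates the estimate.

```python
"""Added example: mark-recapture estimate of a bot population (constructed data)."""
import math
from typing import Iterable, List, NamedTuple, Tuple

# One sighting of an infected host: (stable_host_id, source_ip).
# Both fields are constructed; a stable host id is an assumption of this example.
Sighting = Tuple[str, str]


class Estimate(NamedTuple):
    marked: int        # distinct identifiers seen in window 1 ("captured and marked")
    caught: int        # distinct identifiers seen in window 2
    recaptured: int    # identifiers seen in both windows
    population: float  # Chapman point estimate of the total population
    low: float         # approximate 95% interval, lower bound
    high: float        # approximate 95% interval, upper bound


def chapman_estimate(first: Iterable[str], second: Iterable[str], z: float = 1.96) -> Estimate:
    """Chapman's bias-corrected Lincoln-Petersen estimator with a normal-approximation interval."""
    a, b = set(first), set(second)
    n1, n2, m = len(a), len(b), len(a & b)
    if n1 == 0 or n2 == 0:
        raise ValueError("each window needs at least one observed host")
    # The +1 terms keep the estimate finite even when nothing is recaptured (m == 0).
    n_hat = (n1 + 1) * (n2 + 1) / (m + 1) - 1
    var = (n1 + 1) * (n2 + 1) * (n1 - m) * (n2 - m) / ((m + 1) ** 2 * (m + 2))
    half = z * math.sqrt(var)
    seen = n1 + n2 - m  # the population cannot be smaller than what was actually observed
    return Estimate(n1, n2, m, n_hat, max(seen, n_hat - half), n_hat + half)


def ip_for(host: int, churned: bool = False) -> str:
    """Constructed address plan: a churned host gets an address in a different range."""
    second_octet = 9 if churned else 0
    return f"10.{second_octet}.{host // 256}.{host % 256}"


def build_windows() -> Tuple[List[Sighting], List[Sighting]]:
    """Two constructed observation windows that share 50 hosts."""
    window1 = [(f"bot-{h:04d}", ip_for(h)) for h in range(0, 200)]
    window2 = []
    for h in range(150, 400):
        # Half of the hosts seen in both windows changed IP address in between.
        churned = h < 200 and h % 2 == 0
        window2.append((f"bot-{h:04d}", ip_for(h, churned)))
    return window1, window2


def compare_identifiers() -> Tuple[Estimate, Estimate]:
    """Estimate the same population twice: keyed by host id and keyed by IP address."""
    w1, w2 = build_windows()
    by_host = chapman_estimate((s[0] for s in w1), (s[0] for s in w2))
    by_ip = chapman_estimate((s[1] for s in w1), (s[1] for s in w2))
    return by_host, by_ip


if __name__ == "__main__":
    by_host, by_ip = compare_identifiers()
    for label, est in (("host id", by_host), ("IP address", by_ip)):
        print(f"{label:>10}: recaptured={est.recaptured:3d} "
              f"estimate={est.population:7.0f} "
              f"interval=({est.low:.0f}, {est.high:.0f})")
```

With the constructed data, keying on IP address halves the recaptures and roughly doubles the population estimate, which is one reason published bot counts differ so widely.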
Why now? 1. More sophisticated viruses
It used to be that infected computers would eventually stall from the hard work of crime, stumbling over an e-mail blast involving thousands of messages and tipping off the rightful owners. Now, the organized criminals who do this work have remote-control crime down to a science. Instead of using your computer to send 5,000 spam messages in an evening, it might only be instructed to send out five. The bot herders reach the volume they need by repeating that technique with the tens of thousands of computers at their disposal.
AOL’s Mayrides says he’s seen bots instructed to send out only one e-mail per day.
This puts security firms at a distinct disadvantage. A few years ago, Internet service providers would notice tens of thousands of e-mails being sent from a home computer, and could easily remove it from their network. But how can an Internet provider spot five rogue e-mails sent from your machine while you sleep?
“We have a very difficult needle-haystack problem here," Dagon said.
The Storm worm, which infected more than 1 million computers in January by promising information about the deadly winter weather hitting Europe, used a variation of this tactic. A Storm-infected PC observed by Symantec researchers sent out 1,800 e-mails in a five minute span, then simply went to sleep.
Consumers are unlikely to know their computer has been hijacked because there usually are no symptoms.
“People are not going to find out about the bot because it slows down their systems,” said Hypponen. “(Hackers) take great care in making sure it doesn't do anything that the users might notice. Especially with new machines with 2 gigs of RAM, people will not notice they are sending out spam while playing World of Warcraft. The computers are just powerful enough to handle that.”
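The needle-in-a-haystack problem described in this section can be shown on a small log. The following is an added example, not something from the article or from any provider it quotes: the log format, addresses, thresholds and the idea of a per-message body fingerprint are all assumptions, and the log lines are constructed. It contrasts a per-host volume threshold, which catches only the old-style noisy bot, with grouping by message fingerprint across hosts, which surfaces the campaign in which each machine sends only five messages.

```python
"""Added example: per-host volume threshold vs. cross-host campaign grouping."""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Record = Tuple[int, str, str]  # (minute, source_ip, body_fingerprint)


def build_sample_log() -> List[str]:
    """Constructed outbound-mail log, one line per message: '<minute> <source_ip> <fingerprint>'."""
    lines = []
    # Old-style bot: one host blasting 300 copies of the same message.
    for i in range(300):
        lines.append(f"{i % 60} 192.0.2.10 fp-noisy")
    # Low-and-slow campaign: 40 hosts, five messages each, same fingerprint.
    for h in range(40):
        for k in range(5):
            lines.append(f"{(h + k) % 60} 198.51.100.{h + 1} fp-stock")
    # Ordinary users: 30 hosts, five messages each, every message different.
    for h in range(30):
        for k in range(5):
            lines.append(f"{(h * 2 + k) % 60} 203.0.113.{h + 1} fp-user-{h}-{k}")
    return lines


def parse(lines: Iterable[str]) -> List[Record]:
    """Parse log lines, skipping anything that does not have the three expected fields."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1], parts[2]))
    return records


def per_host_volume_alerts(lines: Iterable[str], threshold: int = 100) -> Set[str]:
    """Flag any source that sent more than `threshold` messages in the log window."""
    counts = Counter(src for _, src, _ in parse(lines))
    return {src for src, n in counts.items() if n > threshold}


def campaign_alerts(lines: Iterable[str], min_hosts: int = 20) -> Dict[str, Set[str]]:
    """Flag fingerprints sent by at least `min_hosts` distinct sources.

    The fingerprint is assumed to be a normalised or fuzzy hash of the message
    body; an exact hash would not match messages that vary from copy to copy.
    """
    sources: Dict[str, Set[str]] = defaultdict(set)
    for _, src, fingerprint in parse(lines):
        sources[fingerprint].add(src)
    return {fp: hosts for fp, hosts in sources.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    log = build_sample_log()
    loud = per_host_volume_alerts(log)
    print("per-host threshold flags:", sorted(loud))
    for fingerprint, hosts in campaign_alerts(log).items():
        missed = hosts - loud
        print(f"campaign {fingerprint}: {len(hosts)} hosts, "
              f"{len(missed)} of them below the per-host threshold")
```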
Why now? 2. China
But improved software is only one reason criminals appear to have gained the upper hand. Another is the sheer size of their armies. Part of the deluge of new viruses can be attributed to a new generation of hackers from Asia, where broadband has proliferated, and particularly China, where hackers are learning fast, Hypponen said.
Asia is also a grand playground for hackers worldwide, because many home users run pirated copies of Windows and can't load security patches, according to a January report by Florida-based security firm Prolexic. Since China now boasts more Internet users than any other country, it also has more infected computers.
Why now? 3. Volume
The sheer volume of new viruses has become overwhelming. Hypponen says there is so much new malware -- malicious software – submitted every day to his firm that it has abandoned its long-standing practice of having each one analyzed by its researchers. The viruses are processed by computers now and ranked by severity.
“It’s getting harder and harder for us just to keep up with the amount of new malware coming in,” he said. “Right now on a typical day we receive more than two (possible new viruses) a minute. There are thousands every day. The increase in three years has been tenfold. So our lab and all the other labs are rebuilding the way we handle them. You can't do it with human power.”
Why now? 4. Perpetual ‘zero day’
The onslaught isn't just about volume, however. Hacker techniques have improved markedly, says Dagon. It used to be that exploiting vulnerable software usually took weeks, as hackers probed software for security flaws. When they published their results, software makers would race to fix the flaws. Simultaneously, criminals would take those flaws and turn them into attacks, often by attaching them to specially crafted e-mails.
On rare occasions, criminals had both the security hole, or exploit, and the delivery tool before the software maker had any notion a flaw existed. Called a "zero-day" attack, these circumstances gave criminals a small window to mercilessly hack defenseless computers.
But this entire cycle of finding and exploiting flaws has been reduced to a few hours, Dagon said. Hackers find flaws, use them to attack, and erase all evidence so fast that software firms never even know there’s a flaw. Dagon has a chilling name for this: "A perpetual zero day window."
Hackers also have learned to write viruses that mutate on their own. Because antivirus software usually catches only known viruses, mutating versions pose a major challenge for security firms. The Storm worm, for example, had 5,000 different variants within a few days of being launched.
Why now? 5. Better command and control
Hackers have more sophisticated tactics to command and control their massive bot armies – another sign that true professionals are in charge. Not long ago, remote-controlled bots used the old-fashioned Internet Relay Channel to communicate. Internet filters could pick out that traffic and disrupt their networks, at times even identifying the controlling computer and cutting off the "head" bot by removing it from the network.
Now, bot networks are increasingly peer-to-peer systems, designed to look like file and music swapping systems like eDonkey. This prevents Internet service providers from picking out bot communications from regular Web traffic. And it also means there is no head bot to cut off, so networks can only be dismantled one infected computer at a time.
Why now? 6. Competition for labor with crime rings
Adding to the challenge antivirus companies face in trying to keep up with cybercriminals is the intense competition for skilled labor. There is so much money being made in the underworld that legitimate firms have trouble recruiting.
“We are dealing more and more with a worldwide industry that employs thousands of people," Kaspersky, the researcher, told the Bangkok Post earlier this month. Said another executive with the firm, “These people are paying programmers the kind of salary that I could never afford."
What now?
For years, security experts have been repeating the same formula to consumers – update antivirus software frequently and use a firewall. But experts say that consumers can no longer trust a single antivirus product to protect them. Dagon points to a Web site named VirusTotal.com that scans potential viruses using 30 top antivirus products. The results are sobering.
On March 22, 9,408 virus-laden files were submitted. Only 28 were detected by all 30 antivirus products. Every other virus was capable of slipping past at least one of the antivirus products undetected, which means that even consumers who keep their security software up to date are at risk.
America Online deals with the problem by swarming its files and e-mail with antivirus products. Everything that’s sent through AOL is scanned by 13 or 14 different products, said Mayrides, the AOL security expert.
And still, viruses get through.
“It’s rough out there,” he said. “One (antivirus product) is not good enough. … There are too many attack vectors these days.”
So should consumers stop trusting the Internet? Yes, to a point, said F-Secure’s Hypponen.
“I don’t think end users should lose their trust, but they are trusting too much,” he said. For example, consumers still fall for phishing e-mails and hand over passwords to brokerage accounts despite years of warning. “We should make people lose their trust, break that trust.”
Experts advise computer users to scan their system with multiple antivirus products. It’s not necessary to pay for all the products. A number of free Web-based security services are available to consumers. No single scan is perfect, but doing one is a worthwhile check-up.
Users also can take the energy-saving step of shutting down their computers when they aren’t in use. That way, even if your machine is infected, the computer’s resources won’t be available to criminals all night and all day while you’re at work.
COMING NEXT WEEK: BOT WARS. ONLINE CROOKS ENGAGE IN TURF BATTLES





Here's the answer - everyone, turn off your computers and your routers...
But wait, how will we find out about this imminent threat to civilization?
Sorry, but this reads more like sensationalism than news.
Bill, Newark, De (Sent Mar 27, 2007 8:46:47 AM)
When will your company begin to talk about the corporate facilitators? You may know the biggest exploitation of botnets hackers is the pay-per-click ad model to simulate remote computers clicking on ads. Why haven't you addressed the search engine firm that cut the checks? Why do you really think their revenue is explosive? Why do you think they are not forthcoming about giving their advertisers a true audit on who clicked on the text-ads?
Do some math -- .15/per click, 1000 botnet computers around the world clicking every 15 seconds and that is a 2-3 person operation.
In terms of the stock pump-and-dump, let's not forget a large web portal firm that had message boards facilitated those type of posting unchecked. They recently got rid of their message boards but they still facilitated the hypsters engaged in pump-and-dump.
Kant Saye, Macon, Georgia (Sent Mar 27, 2007 9:12:46 AM)
My money is on Bill having bots galore in his computer.....dude, download spybot or adaware from download dot com and you'll see...it's a reality, not scaremongering. The computer geeks leave that stuff up to the politicians.
BotsRUs,Indianapolis,IN (Sent Mar 27, 2007 9:33:35 AM)
Then you also have to wonder, how many of the "Anti-virus" companies are involved. It has always seemed strange to me that a virus is announced and within 24 to 36 hours at least one of the BIG companies has a fix for it. Just a little convenient, or maybe I'm just paranoid.
(Sent Mar 27, 2007 9:34:14 AM)
Unfortunately, these problems are real. They cause problems every day. And there is no easy answer.
It would be a mistake to not believe these are ACTUAL threats to the workings of the Internet.
However, any solution will probably need to be as transparent to the user as the problem is.
Dan, Chandler, AZ (Sent Mar 27, 2007 9:43:47 AM)
How about getting some young talent who can come up with software to return the favor by intercepting and returning program which destroys offender's entire computer..for all the intelligent people doing this there has to be just as many or more who can fire back
john ahrendt oconomowoc wisconsin (Sent Mar 27, 2007 9:44:26 AM)
Unfortunately, most of what is in this article is true. Being the "neighborhood geek", I spend a significant portion of my free time disinfecting my neighbors' computers, often repeatedly. My neighbors are not stupid, but they are rapidly losing the impression that the Internet is a friendly place, especially when I started charging them $50 to disinfect their machines. The basic problem, of course, is that the software that runs on PCs is designed to be user-friendly, not secure. Until we change the users' mindsets - not to mention the software manufacturers' default settings - this will only continue to get worse.
Mike from Kentucky (Sent Mar 27, 2007 9:51:45 AM)
If people quit reading and responding to spam, the problem would begin to dry up. It's the people who are easily manipulated who help these computer terrorists in business
Sam, Boston (Sent Mar 27, 2007 10:00:52 AM)
YOUR CAR MAY BE COMMITTING A CRIME NOW. THE PARKING BRAKE MAY HAVE SLIPPED AND IT IS SPEEDING DOWN THE ROAD. WE MUST STOP THESE FELON AUTOMOBILES NOW!
NON-LIVING ENTITIES CAN NOT COMMIT CRIMES!
HARRY, YAZOO CITY, MS (Sent Mar 27, 2007 10:08:01 AM)
This was a sobering article. I am sure that this is only the tip of the iceberg. How unfortunate that the internet has a "wild west" feel to it now. I remember when ....it took me three diskettes to get up and running.
Teri Bowen, Jackson, Mississippi (Sent Mar 27, 2007 10:33:22 AM)
Simple solution: Don't ever use Microsoft products. Seriously, they cannot even implement a proper user control scheme in Vista after 5 years of development. Instead of taking the rational approach of requiring an administrator password when attempting to install a program (such as that found on Macs and Linux), they shift liability to the consumer by making you click a simple check box. It will not take long for a hacker to come up with a virus that automatically clicks the yes authorization. I use a Mac (dual booted with Windows XP), and haven't had any problems with spyware, virii, etc. while using OS X.
(Sent Mar 27, 2007 10:45:33 AM)
I'm surprised that there was no mention that Apple Macintoshes don't get viruses...
Bill Weaver, Redondo Beach, CA (Sent Mar 27, 2007 10:49:09 AM)
Yeah, this Kant Saye from Macon has no idea how to write a coherent sentence. These (worthless) technical types are terrible communicators. Why are they increasingly calling the shots? It's a sad day when morons like Kant Saye are allowed to export their terrible communication skills.
(Sent Mar 27, 2007 10:49:25 AM)
How do I sign up with these spammers and search engines. I would love to be employed by them. Lots of money is involved and job security. You can always count on big corporations funding these endeavors. So seriously how do I get a job with these spammers, at least until it becomes illegal.
(Sent Mar 27, 2007 10:51:08 AM)
I think that computers are going to control them oh wait they already are. It's only time before they control the rest of our daily lives and people become so reliable on them that we won't know how to live without them. The whole spam needs to stop but, with all good thing there are sides of things. Well thanks for hearing me out.
(Sent Mar 27, 2007 10:53:05 AM)
MICROSOFT is solely responsible for this. I've been preaching about this and warning about this for 10 years now and still -- even with vista, they don't understand how to secure the OS. What gives people? All that capital and MICROSOFT can't figure out what the few simple changes are that would solve this once and for all. Hint: It's not the 'allow' or 'deny' technique. LOL
John Doe, Seattle, Wash (Sent Mar 27, 2007 10:58:00 AM)
The internet is becoming as important to commerce as the interstate highway system that was started by President Eisenhower in the 50s with a major investment. Every vehicle that uses that highway has to have an approved license and inspection sticker, for the safety of all other users. It is time to take a serious look at federal govt support (1) to fund improved anti-virus software and (2) to develop screening procedures to deny access to the internet for users that do not have approved, licensed firewall/anti-virus software. There also has to be a way to print on a computer screen a list of emails being sent out that alerts a user.
This may not be popular for a lot of casual computer users, but the security and the impact on our economy will more than justify the cost.
Ken L (Sent Mar 27, 2007 11:01:41 AM)
Just a reminder, Windows Live One-Care finished DEAD LAST in a recent Anti-Virus test.
Pick your Anti-Virus, Anti-Spyware/Adware with care, it should not be bundled with your computer's operating system. That's like the fox guarding the hen house.
(Sent Mar 27, 2007 11:08:52 AM)
I believe "Kant Saye" Said it all!
p (Sent Mar 27, 2007 11:11:45 AM)
Most murders are crimes of passion or stupidity and are minimally deterred by the punishment of getting caught. Most of the cyber-crime is intelligent and pre-meditated so I believe deterrence would work well in stopping the problem. 10 or 15 year mandatory sentences and sophisticated enforcement teamed with sophisticated detection tools would quickly turn this into a manageable problem. Expect congress to pass legislation on this problem as expediently as they have the other major issues facing this country.
cdugga (Sent Mar 27, 2007 11:12:36 AM)
I think the anti-virus program companies are sometimes behind this. That is how they stay in business and continue taking our money.
Jamie, Mississippi (Sent Mar 27, 2007 11:13:34 AM)
How in the world people can have no clue this stuff is on their computer is beyond me, especially with all the free removal and protection tools like spybot and adaware out there. If people would quit being so stupid as to open every single email file they get or to click on the links to 'install this critical update from microsoft' I don't think we would have as big a problem as we do.
(Sent Mar 27, 2007 11:15:53 AM)
Should technology not yield effective solution soon, the anonymity available on the Web/Internet may need to be traded through regulation or legislation for security and stability. Unfortunately, our economies, as well as our societies, are acceleratingly becoming dependent on, if not addicted to, the Web/Internet and we appear to be unwilling and unable to kick the habit. Politicians/legislators may be able to help by also passing anti-predator law(s). Such law(s) could/should also eventually be extended to other predator targets, e.g., gambling, sex, drugs, alcohol, religion, etc. However, our politicians/legislators may already be too addicted to special interest groups, lobbyists, etc. to do so and the public too addicted to whatever to allow them to do so.
Allen McCready, Pittsburgh, PA (Sent Mar 27, 2007 11:19:22 AM)
"Experts advise computer users to scan their system with multiple antivirus products". This is terrific. First of all, I've noticed that multiple versions of anti-virus software installed on the same machine do not co-exist well with each other. Error messages etc proliferate. Secondly, the anti-virus programs consume so much of the PC's resources that my machine runs at a crawl.
Steve, Hendersonville, NC (Sent Mar 27, 2007 11:19:50 AM)
This is all a ploy by the "anti-virus" companies to sell more product. If one anti-virus is not enough maybe 4 or 5 or 20 are needed to do the trick so person buys a computer for $500 and then has to spend hundreds or thousands of dollars to protect his PC each year. I am sure there are more hackers every day because I get more and more spam every day and I know they know more about my PC's operations than I will ever want to. Maybe the solution will be that we will all need to disconnect from the Web when we are not using it. Turn off your router and PCs at night when you go to bed and turn them on the next day.
fran Apex, NC (Sent Mar 27, 2007 11:20:03 AM)
Have microsoft "slowdown" all computers for 15 minutes once a week....then track the criminals.....sort of like an air raid drill.
Jean Heff, Aurora, IL (Sent Mar 27, 2007 11:21:48 AM)
There is a simple solution to this; go back to the old days and do not use a computer at all or at least only use a computer that is not connected to the net, period. People should go back and read books instead. Some humans are so crooked and evil they will abuse everything as long as it is to their advantage, history is our proof. Humans do not deserve to live in a peaceful and free society because there always will be bad ones that make life miserable for the others. A free society will only work as long as the law governing it can protect the majority from the evil humans. Our free society obviously has failed and is failing to do so. We all know deep down what the consequences will be as a result of our society's failure.
Othmar A. Brunner (Sent Mar 27, 2007 11:23:29 AM)
Makes me feel a little bad about giving my dad such a hard time for downloading the Swedish porn dialers onto his PC. Apparently it's a lot easier to screw up your computer than it used to be. Thank God they need to be replaced every 2 years for hardware upgrades anyway.
Phil, Rick City, MD (Sent Mar 27, 2007 11:24:04 AM)
We need a good method of reporting individual netbot nodes. Get so many reports about your node, you are kicked off line until you disinfect. If the criminals have improved their technique, so should we. I cannot help but believe that filtering cannot control this problem, but then maybe the ISP does not want the problem to be controlled.
Now we are advised that we need multiple virus detecting programs installed. Sounds like a virus company's marketing dream.
(Sent Mar 27, 2007 11:24:09 AM)
Jeez, couldn't this be argued from a social Darwinistic point of view? Much like crime in general, which, due to "limited resources", is fought by taking on those cases most likely to result in convictions, the criminally inclined can always count on the slow and stupid being caught, like the few individuals in a school of fish ending up as barracuda grub. And yet, the problem will never, I repeat, never be fully solved or contained. The adept will continue to survive and thrive; the inept will end up as statistics for inept politicians to wave about as signs SOMETHING is being done. And the herd goes back to grazing (browsing?).
So, those in the know, gird yer loins. The rest of you, rest complacently in the knowledge that you have filled a vital niche in the social fabric-that of entertainment for the rest of us. Bwahahahahahaha.
Look at it this way, if it happens to me, the self-righteous among you can cluck your tongues and nod knowingly, saying "arrogant schmuck-he had it coming to him; it was Karma", or some illogical claptrap along those lines. Those of you who've had a scrape or two and, like me, have only the best defenses available, wipe your brow and say, "there, but for the grace of whatever deity you hold dear, go I...".
Here are a few simple rules for driving around the information superhighway without getting a flat all the time:
1-Stay away from porn-notice it is rather boring and repetitive.
2-Reconcile your greed. A trip to the BBB website will provide hours of entertainment over those whose greed got the best of them in the dopiest manner imaginable. Don't follow suit.
3-Don't open, respond to or open attachments in emails you can't account for, regardless of how insecure you feel about the size of your unit.
4-Responding to "FREE" offers of merchandise and services by providing details of a personal nature is like leaving home with the door wide open and a sign outside that proclaims your absence. Great for crooks, not so good for you.
5-This last one is a general warning-Don't play on the highway at night, dressed in dark clothing.
j bain, brewer, me (Sent Mar 27, 2007 11:25:57 AM)
I agree with Bill.
Skynet is coming...what’s next? Quite frankly I think Hollywood has it right with this one (Terminator series). I don't think the world can handle what the internet and computers are creating. Nice tool for honest people and scammers alike!
(Sent Mar 27, 2007 11:26:30 AM)
it seems like this problem isn't going to have an easy answer and we need to think more dynamically about the solutions. the hackers are certainly thinking 'outside the box'
what about an operating system that reloads itself from scratch every night? your personal files could be preserved in some sort of secured area and monitored for any changes that you don't specifically make. What about email addresses that change every day in a transparent way? (meaning you may have the same email address, but it's just an alias for a different address that changes every day, or every hour.) PC's may not be quite powerful enough yet, but they will be soon...
I guess the idea is that there must be a solution, it's just a matter of approaching the problem in new and unconventional ways.
Sean, Troy, MI (Sent Mar 27, 2007 11:27:19 AM)
I'm an IT Analyst (13+ years now). What is true and NOT true about this article:
TRUE
a) Times have changed, it is a lot worse than a few years ago.
b) There are huge bot armies on the net
c) Your computer may be infected
d) The security software can't keep up with viruses
e) Users' lack of knowledge is the best asset hackers have at this moment. Most users NEED a computer that protects them from their lack of knowledge. I hate to say it but VISTA is better in this regard.
False (or not very accurate)
a) The number one point of entry to a computer are still two programs, the browser and eMail client. Those programs CAN be secured.
b) An infected computer may not be part of a bot network. Most infected computers give signs that something is WRONG.
c) Hackers still need users to do SOMETHING if your computer is well protected. They need to trick the user in some way and smart users don't fall for these tricks easily.
d) Basic defences like firewalls, anti-spyware, not to open unsolicited eMail and don't download ANYTHING from any site you don't trust 100% are still the BEST defences. You just have this new generation that just goes nuts downloading EVERYTHING they find. It's like they think they are going to miss out on something good.
As I said, I hate to say it but in this regard VISTA is more secure. The problem is that a lot of hardware is still not compatible with VISTA and even some software. Good for a new machine, if you upgrade get ready for a fight and the person saying this has been using PC's since the days of DOS.
Aldo, Pitt, PA (Sent Mar 27, 2007 11:31:44 AM)
It appears that the internet is getting more complex. Maybe it is time to emulate the human body and create antibodies.
(Sent Mar 27, 2007 11:32:28 AM)
I've never understood why people just HAVE to have their computers on at all times of the day and night. What's the point? I have cable internet...but I put the modem on stand-by unless I'm sitting there. I probably have bots even though I run both adaware and spybot, but they can't do much because our computer is not freely accessible to the internet 24 hours a day. The article's mention of shutting down computers when not in use is probably the best suggestion made yet.
Tracie, Arkansas (Sent Mar 27, 2007 11:33:05 AM)
More stupid users every day, Bill made a bad decision to make computing available to the masses.
I always knew the best virus protection was a smart user, not stupid user, average software. Many users a day tell me they don't go to bad sites or install software. Logs and a simple spot check tell me different.
Joe B, Savage, MN (Sent Mar 27, 2007 11:33:25 AM)
I don't open spam, I don't read spam, I don't click on the "click here", I have anti-virus and anti-spyware software, I am a twenty-something computer-literate consumer-electronics salesperson and I likely will have to reinstall Windows to get rid of the malware currently infecting my computer. It's real, it's smarter than you, and it's insanely irritating.
Anonymous (Sent Mar 27, 2007 11:40:35 AM)
Stupid Stupid Stupid ..!
The BOT issue is horribly overblown and this article is pure fearmongering !
If people (consumers) would just ignore SPAM and only surf "reputable" sex sites, the BOT issue would evaporate ..!
BadFrog, North Oakland County Michigan (Sent Mar 27, 2007 11:40:51 AM)
To point fingers- Microsoft built Windows with security as a secondary goal. Apple's OSX is inherently more secure because of how it was built.
Do not give more money to Microsoft and their shoddy products. It's time for you to switch to a Mac and enjoy a virus free environment.
(Sent Mar 27, 2007 11:41:06 AM)
It's interesting to read the different comments about this article. The unfortunate thing is that if your computer is turned into a bot, you are liable, so technically it can commit a crime even though it is a non-living entity. There are companies out there that are working on making solutions more affordable for all of us. Check-out this company for example, their software is free for networks that have 10 users or less. www.untangle.com
(Sent Mar 27, 2007 11:42:34 AM)
Do these statistics include all OS's?
Ken Hovanes (Sent Mar 27, 2007 11:45:40 AM)
and of course all those virus repair companies on the next page will show you have a virus whether you have one or not and probably show you have several viruses even though you don't just to sell you their product!!!!!!!!!!!!!!!!!
goto AVG and get "real FREE virus check and also spyware for free - never a fee"
i'm just a computer user who hates these companies that lie to you to get your business ............
sircaptgordo
sir capt gordo - arkansas, arkansas (Sent Mar 27, 2007 11:47:15 AM)
As an IT professional, I have to say that this is completely overblown and grossly overstated. Bill is right, this is not news. It is a blatant attempt at sensationalizing a minor problem. Computers configured with the most basic adware, spyware, or antivirus packages will catch 99% of any potential threats. Couple that with a firewall of any standards and you're almost home-free.
James, Frederick, MD (Sent Mar 27, 2007 11:49:34 AM)
I finally suspended use of Symantec on one machine, because the perpetual updates dogged performance. It got to the point the Internet Security medicine was as bad as the disease. It's a resource hog and causes other problems, too. MessageLabs doesn't use client side applications, but have to run all traffic through their system of routers, etc. That's both good and bad.
(Sent Mar 27, 2007 11:54:58 AM)
I provide Internet and computer security for the United States Department of Defense. Before that I was a member of IBM's firewall team. Prior to that I was the head of an Internet service provider. I've put thousands of people on the Internet, and I've cleaned up countless infected computer networks.
Believe it. The article is real and so are the millions of infected computers. The general public is not smart enough to protect their own computers. Eventually everyone will have to be placed behind a firewall, and it will be the Internet service providers that will be forced to firewall their customers from each other and from the rest of the Internet.
-Ray
Ray, Charleston, SC (Sent Mar 27, 2007 11:55:03 AM)
The problem is that email return addresses can be masked. A hacker will never give out his own address but use that of another. That is why they can't be found. Change that and much of the problem will go away.
R. Seabrook, San Jose, CA (Sent Mar 27, 2007 11:55:14 AM)
I just found out that there are a grouping of "undetectable" viruses that eat firmware out there. We got one running 3 diff. virus and 6 diff spy/firewall apps. It killed the firmware on my harddisk. You can't tell me they don't exist.
I delete all unrecognized addresses from my mailbox, scan all incoming & outgoing; scan and update all of my software at bootup and shut down, and at midnight everyday.
I don't know what else I could've been doing different.
My advice--don't keep any personal info on a drive that has any kind of access to the web, and run any and all anti-everything that will run nice together whenever you're on & when you're not. You won't be safe, but you'll be safER.
Why can't Microsoft make products that play well with others, and make the good stuff affordable-shoot they've got money, they don't NEED to overcharge; and they'd sell a boatload more if everything would play nice.
Angela Caton, Boulder, Colorado (Sent Mar 27, 2007 11:56:23 AM)
Thanks for writing this article!
Just to let you all know how serious this issue really is, I recently quit my $60K a year full-time job to start a company that just cleans infected personal computers. Unfortunately, the majority of folks that are surfing the web these days just do not understand what they are up against and do not take appropriate action.
Dave P. Annapolis, Md. (Sent Mar 27, 2007 11:57:18 AM)
What astounds me, given ALL these security flaws in the Windows operating system, is that people keep using it! Wake up! There are operating systems which are not nearly as vulnerable. The Mac Operating System (on Apple computers) is virus and spy ware free! Linux and Unix even sport applications similar to the Microsoft Business Suite that individuals (though not businesses) can have for free.
Luis Araquistain, Lake Ann, Mich. (Sent Mar 27, 2007 11:58:43 AM)
Bots and bot networks are very real. Bottom line is it's about money. These white collar criminals are in it to make a quick buck and then move on. Whether it's spamming, holding information for ransom, or whatever the case may be...they are out there. Bot networks have been around for many years, but have become increasingly popular as technology has developed. Visit Websense.com to see how we stop them.
Jason San Diego, CA (Sent Mar 27, 2007 11:59:16 AM)
The solution rests in a single word; Mac.
WinBlows (Sent Mar 27, 2007 12:00:25 PM)
Hey Bill. What's the difference between then and than? Obviously you don't know. I wouldn't trust listening to someone who doesn't have a command of the English language. Conspiracy? Every time there is a warning to tell people there is a problem and you should be aware, there are always nuts who believe it is a conspiracy. Why don't you just spend a little time checking it out for yourself? That would be a novel idea. Then we have some jerk like Harry making fun of it with some ridiculous lame story.
John Doe (Sent Mar 27, 2007 12:00:58 PM)
Imagine Wall Street shutting down for a week or two. And the banking system. Transportation systems shut down like the airlines. Computers used by hospitals and health care providers or government institutions like the Social Security Administration. Internet interdiction may well be the next terrorists' battlefield.
George Goff, Guntersville, AL (Sent Mar 27, 2007 12:05:33 PM)
An interesting article - consider the possible ramifications when we then examine how so many like to believe that the stock market is an appropriate indicator of this country's economic health...
Are the effects significant enough to alter the day's end of trading? Who else might be using pump-and-dump bots ... and to what end?
Things that make you go ... hmmmmm
Patrick Malone, Nixa, MO (Sent Mar 27, 2007 12:06:56 PM)
This article is true. I have personally seen several "rootkits" on my company's computers (yes, we have a firewall) that we have been unable to remove. Norton, Spysweeper and several other products were tasked to remove it to no avail. Fdisk and cleaning of the boot sector finally took it off. But, except for the effect and outgoing firewall alarms, nothing ever saw it. We have a crisis on our hands.
(Sent Mar 27, 2007 12:09:57 PM)
Simpler solution is--Get a Mac.
Greg Miller, Baton Rouge, La. (Sent Mar 27, 2007 12:12:38 PM)
The internet is valuable infrastructure much like freeways and hospitals. As such it requires resources to maintain and grow. Unfortunately soon all malware and virus products will eventually have to collaborate much like the criminals do to keep up. Also closer tabs will have to be kept on programmers and software engineers to ensure that they are working for legal purposes. Would you feel comfortable with nuclear physicists travelling the world and working for who knows who? Anything that we do though is trivial and doesn't matter because the problem stems from unregulated safe havens around the world where money laundering is easier. It may come to the point where government will need to spend much of its budget on protecting its own interests, namely the information superhighway. We all rely on it now. Losing it would be about as bad as losing a car or cell phone or even your wallet. What is the cost? Think of it in economics. Opportunity cost. Cost to fix and maintain it vs. cost of losing it.
John Murdock, Edmonton, Alberta, Canada (Sent Mar 27, 2007 12:12:55 PM)
The stupidity of cyber-criminals, and those who choose to work for them, is that soon they will kill the very thing they need to feed on. The get-it-while-you-can mentality is the real infection.
Frankly, high tech has become its own undoing. All the T.V., video, games, and internet has only served to make people more isolated from each other. In this way, high tech has become our master instead of our servant. We have lost most of our social skills.
I welcome the day when people are FORCED to start doing business with people, face to face, and hand to hand. Maybe some of the caring, love, and social graces will reappear.
(Sent Mar 27, 2007 12:13:27 PM)
The reason we are in this mess is that Microsoft automatically allows applications free access to the Internet, in response to software manufacturers' demands for connectivity for a number of reasons. There are many copy protection routines which manufacturers do not even want users knowing exist etc. Software companies are permitted to piggyback spyware onto "free software" etc. It is very difficult to look at your system without the use of complicated and expensive tools and see who is communicating outside of your machine, and there are virtually no outbound blocks. Windows Firewall for example only looks at inbound traffic, but allows all outbound traffic.
I don't see this getting fixed until something huge happens, and we are not yet there.
Gordon, San Diego, CA (Sent Mar 27, 2007 12:16:54 PM)
So I always hear on commercials that Macs don't get viruses, does that mean that no Macintosh has contributed to this mess?
Kevin, St. Paul, MN (Sent Mar 27, 2007 12:18:05 PM)
Man I wish I still had my tandy 1000. It had less problems than PC now
(Sent Mar 27, 2007 12:18:11 PM)
Sam from Boston may be on to something. Maybe going online should require that you pass some sort of test. This might weed out the 1-2% of users who are stupid enough to open or respond to spam e-mails.
Eric, Gaithersburg, MD (Sent Mar 27, 2007 12:21:40 PM)
I threw my computer out 2yrs ago, I have never been happier, no spam no bogus e-mails to sift through. I maintain a written file for all of my financials and actually write letters and make phone calls to my friends and relatives (how archaic) I won't be scammed again though
(Sent Mar 27, 2007 12:25:05 PM)
I saw that someone said the anti-virus companies may be involved and you could be right. But consider this. It is their job to track and immediately find a solution for these viruses. This would be either on their own or through consumer alerts. If an anti-virus program is sold to 500,000 customers, odds are that someone would call to report one as soon as it surfaced. Further, just like Microsoft, they may surface and generate a problem report to the company when the virus cannot be healed or eliminated by the latest update. Somehow I have confidence that they find out quickly and remedy immediately.
Tony Guevara, Phoenix, Arizona (Sent Mar 27, 2007 12:25:42 PM)
Surprised the author didn't interview Steve Gibson http://www.grc.com/SecurityNow.htm
(Sent Mar 27, 2007 12:28:16 PM)
I would think that charging say 10 cents for each e-mail sent would cure much of the problem. I am not computer savvy so I don't know how this would be done, but I would happily pay a few dollars a day to send my e-mails and eliminate all this junk mail.
(Sent Mar 27, 2007 12:28:36 PM)
He forgot to mention that it is the Chinese government policy to infect as many of our US computers as possible, so if WWIII ever did happen, they could use as many of our computers against us. This is not a conspiracy theory or paranoia, smart people at the NSA are combating this every day, and are witnessing this happening. http://politics.slashdot.org/article.pl?sid=07/02/17/1936236
Marc, Fort Collins, CO (Sent Mar 27, 2007 12:30:16 PM)
It should be pointed out that 2.5x does not equal a 250% increase. That is all.
(Sent Mar 27, 2007 12:32:38 PM)
Spamming seems to be one of the most prolific ways of spreading the problem. Spam benefits the companies that advertise via this method - of course some links are clever redirects and carriers of malware. But links to websites that are legitimate can be directly traced and verified. Why can't we eliminate (at least severely minimize) this particular method by holding the advertised companies responsible for using unsolicited mailings? Eventually the only spam left on the Internet would be obviously from miscreants. Who would miss getting spam?
Michael Stephenson (Sent Mar 27, 2007 12:35:16 PM)
Some of the blame should be thrown Microsoft's way, too. I understand their position on piracy, but by denying access to Windows Update and its security patches to copies of Windows it believes to be illegitimate, they are assuring the vulnerability of these machines and aiding in the spread of these viruses.
(Sent Mar 27, 2007 12:35:42 PM)
I'm just "stunned"...or maybe..... "amazed"? We all know bits and pieces of what's happening in cyber space. But this was definitely an eye opener.
Maybe a better word for how I'm feeling is "vulnerable".
Mike, Cincinnati, Ohio (Sent Mar 27, 2007 12:36:03 PM)
I can't help but notice that MAC's are never implicated in these scams, but I'm sure it is only a matter of time before that changes.....
i love my mac, baltimore, md (Sent Mar 27, 2007 12:37:20 PM)
Get a Mac. Problem solved.
Randall, Greenville SC (Sent Mar 27, 2007 12:41:18 PM)
Please, Bob, do not use the terms "web" and "Internet" interchangeably. This relatively minor misuse of these terms is a major indicator of your knowledge level on such topics, and lends very little credibility to your story. Get the right.
Erik, Erie, Pa (Sent Mar 27, 2007 12:42:12 PM)
Hey all, don't worry! Once George W. Bush gets the next war up and running we all will be carving in stone again, that is those of us that live through it.
(Sent Mar 27, 2007 12:42:48 PM)
We tamed the Wild West... We can tame the internet too. It just may take a few straight shooters who work for good instead of waiting for the sheriff to take care of the bad guys for us.
RPalermo, SoCal (Sent Mar 27, 2007 12:43:22 PM)
Being an IT Professional I understand the message that they are trying to get across. Two things however were left out. First there is no ratio of suspected bot systems to computers that are, as we call it, in service. This can show a much better relation of how many systems could be infected. The second is that they touched briefly on Windows XP but did not talk about Vista or 2000 or 98 for that matter. One of the largest problems is the fact that there are a large amount of systems running old operating systems and even older anti-virus systems. These are completely open to hackers with any knowledge. I read somewhere about search site companies like Google that were working on their own Operating system that would be free. This might be one way of dealing with the problem. In the end it all comes down to money. The hackers want money so they control the machines of people who don't want to pay any more than they have to for their system to run. The software companies up their prices due to more frequent threats and slow sales, in reality opens up the door for the hackers, so customers are unwilling to pay.
Tim A., Eugene, OR (Sent Mar 27, 2007 12:44:10 PM)
I can't help but notice that MAC's are never implicated in these scams, but I'm sure it is only a matter of time before that changes.....
i love my mac, baltimore, md (Sent Mar 27, 2007 12:44:13 PM)
*COUGH* use linux *COUGH*
(Sent Mar 27, 2007 12:44:23 PM)
Gotta love the way this article is presented. Gives tips to bolster Vista security but not XP. Don't you think that it would be best to provide tips on the OS that is on MOST systems around the world. Or is this just another Microsoft ploy to make the sheep think that Vista will solve all of your security problems. I think not...
(Sent Mar 27, 2007 12:46:06 PM)
I've discovered recently that hackers actually publish a list of their "Defaced Websites" online. I discovered this while doing a google search on one of my domain names. They've grown a bit brazen. It's nice to have IP blockers.
John Doe (Sent Mar 27, 2007 12:47:10 PM)
Wanna know?
Check your Sent Mail, it always leaves a trail.
HJRusso (Sent Mar 27, 2007 12:47:43 PM)
One simple solution is to disconnect one's machine from any outside links to the internet when email or internet access are not required. Unplug the cable!
(Sent Mar 27, 2007 12:48:22 PM)
What is most disconcerting to me is not what is in the article, but some of these comments. I work in network security and believe me this is very real. Our Intrusion Prevention System is blocking over 180,000 attacks a day. Those of you that think this is media dramatization or that it can't happen to you will be receiving a bad lesson on computer security soon. It may be minutes or years but eventually you will be hacked. Like Matthew Broderick said so many years ago - 'Hey, I don't believe that any system is totally secure'.
HAL, Seattle, Washington (Sent Mar 27, 2007 12:49:04 PM)
I can't help but feel that the punishment for these hackers cannot be severe enough. We need to increase the punishment ten-fold. Stealing - whether over the internet or out of someone's house is still stealing but when done in these numbers the article talks about, there should be increased punishment.
(Sent Mar 27, 2007 12:49:08 PM)
"How about getting some young talent who can come up with software to return the favor be intercepting and returning program which destroys offenders entire computer..for all the intelligent people doing this there has to be just as many or more who can fire back"
Did you miss the part in the article about the salary these 'young talents' are making? How many of these young talents do you think a 'good' software company can attract when the young talents can make, 2, 3, 10 times more on the 'bad' side.
(Sent Mar 27, 2007 12:50:20 PM)
Ending the Bot problem is as getting rid of MS Windows and running Linux. Linux is immune to the kind of Malware that plagues M$ Crapware.....
Jennifer Stuart, Martinsburg, WV (Sent Mar 27, 2007 12:51:35 PM)
It seems to me that we need to combat this at the hardware level by implementing NIC cards that turn off when not in use or having a remote control that flips your entire network on or off the internet when you leave in the morning. Less time on the internet, means less hacking. Also implementing newer features into software for tracking say for instance DNS servers etc.. Not Easy so much but depending on AV software or spyware software to clean your pc and trying to combat infection is not working. It's time to wake up and take it to a higher level.
(Sent Mar 27, 2007 12:52:06 PM)
Glad I have a Mac...
(Sent Mar 27, 2007 12:52:26 PM)
Why don't we just classify this type of actions as a threat to national security (which it is) and impose the firing squad as just rewards.
Bet it would stop then.
Robert, Columbia, SC (Sent Mar 27, 2007 12:52:49 PM)
There are actually applications out there that any kid with a computer can download that will build viruses for them! They are free and easy to find. As a programmer, I spend probably 75% of my time trying to figure out how a hacker would get into my software and building security to try to stop it.
Instead of everyone clicking on the "PayPal email" that says that you bought that $699 suit, open a new window and go to paypal and check your account. Users just want it to be easy and that's what hackers LOVE to hear!
(Sent Mar 27, 2007 12:52:52 PM)
Even though McAfee says I had no viruses, I knew something has been wrong the last few weeks. I used the 1st free scan on the list. Yep, I was right...You can be as careful as you like, you will pick up something. In the past I found using "free scans" DID find bugs that the "Paid & Installed" didn't see.
(Sent Mar 27, 2007 12:54:38 PM)
Thanks for the heads-up. For some time I have felt that my computer is living a secret life. All through the day I hear its disk drive whirring away. Sometimes, in an effort to discover who it's talking to, I check for updates. Ninety percent of the time, I get no clue as to what it's doing. I see I have no choice but to add another chore to my weekly schedule. Thanks for the list of sites that can help me with this.
(Sent Mar 27, 2007 12:57:25 PM)
If you think for a minute that this is hype, just look at a log file for a good firewall. I showed mine to a group of friends a couple years ago. They found the over 300 attempted "attacks" in the previous hour very sobering.
Frank, Detroit, MI (Sent Mar 27, 2007 1:02:46 PM)
How sad that we live in a world so obsessed with money. One has to wonder what those people will do when the whole thing comes crashing down and there is no more internet.
(Sent Mar 27, 2007 1:04:00 PM)
This article totally missed the point with the stock spam scam. If it were a case of scammers buying stock, then buying more with stolen accounts, where does the spam come into play? The fact of the matter is that they buy stock and spam several million people. There are enough suckers who want to get rich quick who buy the stock and inflate the price. This scam only works when greedy suckers respond to spam. Ignore the spam and this part of the problem goes away. (Of course the rest of the story tells the scary truth...)
(Sent Mar 27, 2007 1:04:01 PM)
I've been a Mac user for 3 years and have forgotten how bad it was to be a Windows surfer. My brothers and sisters are always calling me up and asking, "How can I get rid of these viruses." (Despite what this article says, these viruses and bots still make many systems sluggish) I used to tell them to get Norton and download Spybot and Adaware. Now I just tell them to get a Mac.
Clark Richardson, San Francisco, CA (Sent Mar 27, 2007 1:04:26 PM)
Now that the world has become so utterly dependent on web applications and internet access in general, it's obvious that pulling the plug isn't feasible. Getting the entire planet to participate in a "global blackout" so-to-speak is impossible. Another alternative is eliminating all the DNS servers... But OH NO! How in the world would we EVER survive without our precious MMORPG's and porn-laden internet? What's scarier is that governments and industries are relying on the internet so heavily just to function. Look at all the money they've "saved". Because of all the money THEY would have to spend to rebuild an internet-independent support structure they won't even consider putting it to an end. As usual, the consumers are the victims. Minimize your risk by simply not connecting to the internet at home, and pray the federal government lives up to insuring internet-dependent banks when your life savings unexpectedly vanishes. Until something major falls flat on its global face we'll keep funding and making money off the monster. It's sickening, however the bottom line always comes back to money and greed.
(Sent Mar 27, 2007 1:05:30 PM)
Sounds like the issue at hand is not just viruses, it's Spyware. There are a number of solutions on the market to help protect. AV isn't enough anymore, you need a combination of things. AV, Anti-SPAM, Firewall and Anti-Spyware solutions to best protect and still it doesn't sound like 100 %. People are money hungry and they are going to keep these things evolving. I've looked at a few and would check out SpyCatcher and SpyDoctor, but they aren't freeware.
(Sent Mar 27, 2007 1:06:55 PM)
I say we go back to monks with quills!
(Sent Mar 27, 2007 1:07:35 PM)
How can you deal with it? When the same people who write Windows Software and other operating systems, and even your antivirus are committing the crimes.
Life is a Petree Dish (Sent Mar 27, 2007 1:07:58 PM)
Why Now #2- China. This is a FAULTY claim.
Just last week on MSNBC, it was reported 38% internet attacks originated from US (#1), 15% from China (#2).
(Sent Mar 27, 2007 1:08:32 PM)
Where is law enforcement in this mess? Clearly this is a major area for organized crime, but law enforcement is invisible here?? There have been laws passed regarding spam and identity theft and stock fraud, but they are toothless without enforcement. In addition the SEC, FBI, Homeland Security, local law enforcement all have plenty of money budgeted for this area, but it appears to be wasted on a few bureaucrats who lack the skill to do anything effective against the onslaught.??!!! I've gotten that Placebo response from the SEC when reporting stock scams, but there is no action. I've reported thousands of spam including websites, etc. to the FTC and those reports seem to languish in a bit bucket. Maybe if a few arrests were made the tide would turn, but right now crime pays with absolutely no downside.
Wayne, Wichita, KS (Sent Mar 27, 2007 1:09:19 PM)
Here's another solution that would ELIMINATE SPAM for good. Have the sender of every email pay 10 cents, debited out of his/her account. Have the recipient of the email get paid 9 cents credited to his/her account. The remaining 1 cent would go to the ISP or email servers. I wonder how many "stock tips", "Nigerian 419 scams", pre-approved mortgage loans or Viagra scams we'd get then.
Jack Smythe (Sent Mar 27, 2007 1:14:55 PM)
I hope that some useful information will appear in this series detailing how to determine if your PC is "bot-infected" and how to repair it on our own. It doesn't sound like we can rely so heavily on our "Internet Security Suites" that we all pay good money for.
(Sent Mar 27, 2007 1:15:43 PM)
I'm glad I was able to jump on the net when it was still in its infancy so I could learn how to prepare myself and keep myself safe... but now I realize I had been deluding myself about the underbelly of the net for some time... ignoring the signs so I could feel better and secure about my knowledge... in the end I feel like Socrates: I don't know a damn thing. Maybe we should all go back to school for some re-education.
Obliveon (Sent Mar 27, 2007 1:16:28 PM)
Here's another solution that would ELIMINATE SPAM for good. Have the sender of every email pay 10 cents, debited out of his/her account. Have the recipient of the email get paid 9 cents credited to his/her account. The remaining 1 cent would go to the ISP or email servers. I wonder how many "stock tips", "Nigerian 419 scams", pre-approved mortgage loans, fake watch replica ads, or Viagra scams we'd get then.
Jack Smythe, Alpharetta, Georgia (Sent Mar 27, 2007 1:17:20 PM)
Personally, I feel as if part of the problem is with the antivirus companies. Symantec, as well as McAfee etc all want to stop the hackers, however, they want to do it for an ever increasing fee. In reality, outside of the geeks, most users don't see a need for an annual $40.00+ fee to make their computer safe. So after 90 days - 1 yr, the systems become ever more vulnerable. If we had someone who put out quality virus protection (government funded obviously) then maybe that could help.
PS (For the one who said nonliving entities cant commit a crime) Computers aren't alive, but they can be controlled by software developers (either good or bad).
(Sent Mar 27, 2007 1:18:10 PM)
Simple precautions:
1. Minimize personal information stored on personal PCs. Keep on SD card and store off-line.
2. Encrypt personal information whenever possible.
3. Turn off PCs and your home network when not using it. Or, simply add a shortcut to turn your network connection off for your PC when not using the network.
4. Keep anti-virus and spybot detection software up to date.
5. Filter spam - tell family to do the same.
6. Close all un-needed ports on your router - follow "deny from all", "allow from ..." approach for IPs allowed in or out.
7. Once these are set-up and put into practice, they are not hard to maintain.
Brian, Mayberry, NC (Sent Mar 27, 2007 1:18:39 PM)
Internet has become a worldly showplace that appears to transcend geographic, religious and political boundaries. While this uniting ability seems really cool on the surface of how people literally around the world can pull together and do amazing things. At the same time, these denizens perpetrating crimes is not just a personal or local threat, but is also a serious threat to any nation's national security. The stock pump-n-dump schemes are a perfect example. Get enough of these groups and their bots hitting all of the world's exchanges, we could end up seeing market crashes that would make all former crashes look puny. Investors would shriek and pull out trying to protect their money. Further, some more closed societies could even consider these attacks as acts of war if the bots are originating in foreign lands. While some may say this article is an exaggerated story sensationalized for viewership, I say this is a stern wake up call. We need to get cracking on this now before it's too late.
Bret L, Kansas City, MO (Sent Mar 27, 2007 1:19:46 PM)
I may just be spreading a rumour but I think Bill Gates was asked how his company deals with 15 year old hackers, and he replied that he hires 16 year old hackers.
R N, USA (Sent Mar 27, 2007 1:21:14 PM)
While the problem is real and broad, it isn't insoluble. Virtually all malware targets one operating system, and alternatives to that operating system are available.
Can't/won't/don't want to change operating systems? OK, then consider some other simple steps, such as using a text only email client instead of one that renders random HTML and/or facilitates the delivery of random binary attachments to you. That one change can make a huge difference when it comes to the risks you run when working online.
Another excellent step if you're running Windows is to run Microsoft's Baseline Security Analyzer, Version 2 (see http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx) -- it will flag many issues that may be present which you may not be aware are problems.
Think it may already be too late/worried you're already infected? You may want to consider scanning your system with SecCheck from MyNetWatchman (http://www.mynetwatchman.com/tools/sc/)... because of how it works, it may find problematic content that may hide from some other malware detection tools.
Disclaimer: all opinions strictly my own.
Joe St Sauver, Eugene, Oregon (Sent Mar 27, 2007 1:21:22 PM)
Your article is incomplete in that it does not recognize the root of the problem, which is the insecure Windows OS itself.
There are millions of home pc users who do not have viruses, do not have to pay "protection" money to anti-virus software companies, do not have to be cautious and vigilant in their computer use. I am talking about Macintosh computers and OS/X.
Why do Windows users continue to sink money and time into a defective product. If your car was as defective and risky as Windows you would have replaced it long ago, not gone back and bought another.
Oscar E. Hasten, San Diego, CA (Sent Mar 27, 2007 1:22:20 PM)
This is an issue that will not go away. With time the Government will step in and claim they have to regulate the system, soon after that it will replace oil as their top "cash cow".
Dustin (Sent Mar 27, 2007 1:23:11 PM)
I think we are long overdue for a completely new operating system that is secure ~ I'll give up "backwards compatible", a percentage of the speed, and the hassle of message boxes related to the screening of every conceivable thing to gain it too ~
I need to know that my machine is private and critical information is protected ~ Why is this so difficult? People making money is why ~
(Sent Mar 27, 2007 1:25:39 PM)
Ironically, I came across your article the day after a "pop-up" occurred on my computer, despite having two anti-pop-up devices installed. Another irony is that this "pop-up" had shown up several days after I cancelled SpyAware from my computer. I am not saying they had anything to do with it, as the following is what happened:
I was browsing and all of a sudden a big, red ALERT!! flashed onto the screen and a giant "cockroach" also ran across the screen. A statement was made that my computer had just been "infected" by a bug. Then, of course, it flashed a "Click Here" if you want to know about the latest, secure anti-bug/spyware device to destroy the current bug and prevent future ones.
The worst part was that because I did not click on to the site, a little MSN box, including the butterfly popped up and stated click here now and read carefully....SOOOOO, thinking this was a legitimate MSN warning I clicked on it and up popped 1.) a dog f*&^ing a woman; 2.) a woman with her mouth open, filled with you know what (white stuff) and when I say filled, I mean FILLED and it was a CLOSE-UP, and 3.) a man and woman engaged in sex.
Needless to say, I was mortified! I couldn't even trust the MSN box now! Since I am a retired police officer I decided to investigate further by clicking on this website that had obviously put these obscene pictures on my computer in the hopes of my buying their program.
The website used was: http:www.usuc.us/2/popup/2.php?ref=john_p. Notice the part -"u-suc-us"???
The ISP came back as 64.152.1.158 and they were trying to access my TCP Port 1412. The company stated they were SpyWareWizard, but the ISP came back as a company named InnoSys. The tracer came back as originating from Tempe, AZ to Worcester, MA and back to Tempe.
I plan to give this information to MSN, but can you tell me where I can report this for further criminal investigation???
I also clicked on their Contact US and wrote a pretty nasty letter stating I was going to report them to the proper authorities and also obtain a lawyer if necessary if they didn't remove their bull$%#& from my computer. (By the way, I could also not get into my MSN HomePage without the porno popping up!) Well, surprise, surprise, within a few hours I could enter my homepage with no porno and have yet to see a repeat performance from these whom I believe to be criminals. PLEASE HELP! (For all I know they could be working out of MSN!)
Susan Gionfriddo, Granville, Massachusetts (Sent Mar 27, 2007 1:26:11 PM)
This is malarkey. My computer rocks.
(Sent Mar 27, 2007 1:27:01 PM)
All of this for the "WOW" of windows. Linux, no jazz, and it is much safer. Distributions are continuously improving and are easy to use; even my kids use it to do homework. I simply don’t see the need for the jazzy unsecured Windows. Apple is cool and has gadgets but it is more expensive. Linux is free.
JV, NY, NY (Sent Mar 27, 2007 1:28:48 PM)
Harry is right, non-living entities cannot commit crimes or indeed any act of volition. But Harry certainly implies that this means "bots" are OK or nothing to worry about. If a crime is committed by a living entity, and that crime involves the use of a tool (such as a gun or a computer) introduction of that tool as evidence in court is vital to prosecution, and establishing ownership of that tool (if it belongs to the accused, the defense may have a problem) often tilts the court towards a guilty verdict that otherwise might not be rendered.
Don't open spam, don't open any email you're not sure of, and don't click on ads. Period.
Dan Quiggle, Meriden, Connecticut (Sent Mar 27, 2007 1:29:50 PM)
As a computer security expert, this article is somewhat Chicken Little in nature. Are 'Bots a problem and a threat? YES. Are they taking over all of the computers in the world? That's the hype in the press. Don't get me wrong, 'Bots are an issue, but I don't believe they are quite the huge threat that's portrayed here.
Do people need to be more diligent in patching their home computers and networks? WITHOUT A DOUBT. Should the high-speed modem providers be more proactive in providing firewalls to customers? YES. Should employers cover employees' home computer systems under their anti-virus contracts? NOT A BAD IDEA. Do home computer users need to remember that the home computer is not just another appliance like their toaster? YOU BET. Do outlets such as Best Buy and Circuit City need to do a better job educating computer buyers about what that computer may do to them? ABSOLUTELY.
Computers require diligent care and feeding. You cannot just plug them in, turn them on and then leave them on without putting them at risk. We continue to provide people with tools without providing them the training to understand how to use the tool responsibly.
The best practices are to have a firewall (hardware or software), current anti-virus solution, current patches installed and when you are done with the computer, shut the computer off. If you don't do these simple things, then you get what you get and make the computing experience miserable for the rest of us.
Jeff Hall, Minneapolis Minnesota (Sent Mar 27, 2007 1:30:23 PM)
I agree with Mike from Kentucky, since I'm in the same boat as him: neighborhood computer fixer dude. One HUGE thing people could do is stop working in Windows as administrators all the time. Spend 99.9% of your time as a "guest", and only log in as an administrator when you need to install something. This is one of the main reasons Linux machines are so secure, because they force you to spend most of your time as a restricted user (i.e. someone who cannot install programs...or viruses.) I did this on my father's new laptop the minute it arrived in the mail, and I've only had to help him install a couple devices in the past year. Get a firewall, anti-spyware, anti-virus, use Firefox (or at least crank up the security in IE), secure your home wireless network, always get the latest Windows/spyware/virus/firewall security updates...and RUN IN RESTRICTED MODE.
(Sent Mar 27, 2007 1:30:30 PM)
2 months ago spyware overwhelmed my old PC. I went out and bought a new iMac and have not seen 1 popup or had any problems whatsoever with spyware. I run Windows as a VM in parallels desktop for mac so I can keep the Windows apps I need to use and before this image ever sees the Internet it is cloned so I can start with a clean slate when it does get infected (it is only a matter of when not if). There is never a shortage of scum and criminals in the world, this is really an age old story with a modern technological twist, Good will always be battling Evil, Always.
Sean, Hackettstown, New Jersey (Sent Mar 27, 2007 1:30:57 PM)
Computers AREN'T like cars. PC's can perform automatic actions, not to mention remote-controlled operations. These kind of things aren't legal, and since they cannot be properly linked to you (beyond the PC being part of your property) we can say "they" (PC's) are committing crimes.
So sad we can no longer download smileys or funny cursors safely these days without the thought of getting a trojan horse crossing our minds.
Ricardo, Puebla, México (Sent Mar 27, 2007 1:38:38 PM)
Seems that the cure could be derived from taking a lesson from nature and the tactics from the malware to find the cure ...
1. Viruses are automatic, they multiply, and spread. Why not make antiviruses that instead of taking over a system, clean out a particular virus and then move on. Nature has anti-viruses. We call them antibodies.
There could be fame rather than infamy for writers of antibodies.
2. Armies of anti-bots.
3. A simple stripped down OS of some sort that comes on a read only cd that scans your system for what programs and processes run when the machine runs and sends a formatted report to a company that then sends back a report of the findings. By booting separately, the risk of having a virus that shorts out the detection process is ended. Many files cannot be scanned in windows because they are in use. It becomes locked. This seems to have backfired as these files can be prime hiding spots for viruses that can enjoy protection from the very operating system they are infecting!
4. Some sort of control panel where certain things can't be done without the user's knowledge, such as email logs that the user can scan to see what has been sent out. There are a set of things a virus program often does that the user might be made aware of. Knowledge of power.
5. Human scrutiny. I've taken care of many a virus problem with a simple charityware product called hijackthis that gives me a listing of what processes my computer runs. If I don't know what the process is, I copy and paste the guid or the name of the process into google and do a search to see if it's something that probably belongs on my system and what does not.
6. Quicker, faster installation of operating systems, such as a method of saving all your files and settings to cd's and then re-installing the OS and restoring the settings so that the user has all the settings, and has a report about them that can be analyzed and scrutinized, but it's a re-install. I know this is a bit of a tall order, but maybe some of it is practical to a point.
(Sent Mar 27, 2007 1:45:24 PM)
Firstly, there is no way that the legitimate software developers can possibly protect us from the barrage of malicious programs. There will never be a piece of software that can safeguard all systems. It is not going to happen and until people accept that, they will continue to be violated.
The way I see it, there are 3 components to the problem at hand:
1) Software
2) Hardware
3) Users
Without any of these three components, there would be no problem, because there would be no internet.
As I previously stated, we will never be able to combat the issue using software - that is the hackers' turf and we have to accept it. The answer lies in hardware and in ourselves as PC users. All the money we spend on anti-virus software is wasted, because they will never be able to offer any real protection. This article confirms that point. So we must look to hardware and to ourselves for the answers, and I have ideas if anyone would like to inquire.
Joshua, Vidalia, GA (Sent Mar 27, 2007 1:46:00 PM)
I have none of these problems... I am on a Mac and you should be too!
www.apple.com/
(Sent Mar 27, 2007 1:49:15 PM)
Switch to Mac, none of this nonsense goes on.
Chris, Virginia Beach, Virginia (Sent Mar 27, 2007 1:50:39 PM)
Isn't it interesting that this kind of criminality prevails. It's like so many other criminal acts that are committed. Since the punishment isn't harsh enough, people break laws, unnecessarily hurt others, and everyone becomes more cynical and less responsible. Hackers and others who steal or destroy using their hands should lose their hands. If their mind is involved, lose their heads. The judiciary branch is as guilty as the violators themselves for breaking the law by not holding the perpetrators accountable. If harsh sentencing followed acts against others equal to the total amount of damage done, these activities would curtail if not cease. Blame the criminals...and the courts!
John C, St Paul, MN (Sent Mar 27, 2007 1:54:00 PM)
Microsoft and other OS (Operating System) vendors could make this problem easier to identify if they were to implement a novice friendly means of monitoring incoming and outgoing data transmissions on computers. The "netstat" command is meaningless to most users.
(Sent Mar 27, 2007 2:04:18 PM)
the sad part is that some of us know not to look into e-mails from ppl we don't know, and we scoff at the news telling ppl not to look, we think,"f-ing duh!" but then you read stuff like this and realize that common sense must not be passed through genetically. just like the tag on a hair dryer that tells you not to use it in a bathtub, SOMEONE has had to do that for them to have to make a warning sticker for it. i say let them shock or screw themselves, in the wild the dumb animals get eaten, the smart ones survive.
(Sent Mar 27, 2007 2:04:37 PM)
Want to reduce the amount of bots? - try Linux and Mac operating systems and hardware firewalls, they aren't impervious to attacks, but you would see a huge reduction in problems. Perhaps this comment won't be approved by a MSnbc moderator though.
(Sent Mar 27, 2007 2:05:17 PM)
My only problem with this article is that it leads you to believe there's no way of knowing if you're infected.
I can't say for 100% certain that I'm clean, but...I use AV, I block cookies, I have a configured router.
If the author simply told people to do those few things, this problem would be cut in half in a week.
$0.2
(Sent Mar 27, 2007 2:10:38 PM)
This is a hilarious article. How can you people NOT know this?
Surprise, surprise. I run two dev servers out of five PCs in my home; the cops thought I was running a hydro farm. Nope, just a geek with my own perpetual LAN party. I run no antivirus software whatsoever and I never will. And I know for a fact I'm as safe and clean as a doctor's office.
How is this possible? I know what my registry should look like, that's how. I'll hack it to ribbons myself. Like hell am I going to expect a man-made machine to self-regulate, let alone faultlessly- be it my computer or my car.
Bots? Please. People, get up off your wrinkled old duffs and learn how to use this stuff. It's not that hard. Oh, please... it's a toaster. Stopping this baloney from happening would be friggin easy if so many people didn't have the mistaken notion that the computer is somehow smarter than the humans that built it.
(Sent Mar 27, 2007 2:11:07 PM)
Not the last just the beginning. Bot links are using P2P networks for file downloads routed through you guessed one's IP address as a source for often illegal music and porn...
(Sent Mar 27, 2007 2:11:24 PM)
Yah-HOO!! If this is really true, then does it make any sense to have access to private info on the internet? I can now access my military records via the internet. I wonder how many people now have my personal information? Until there is a way to stop this stuff then why put more and more trust/emphasis on the internet? Just does not make sense.
(Sent Mar 27, 2007 2:12:46 PM)
This is a REAL threat. Currently, there are countless hackers out there who are doing whatever they can to gain control of your pc and quite possibly obtain your identity. It's all too easy. I agree with the post regarding that if people were just to use common sense when getting emails. If you don't know the person who has sent the email, DON'T OPEN IT! Even if you do know the person, be wary of the subject line. A lot of email viruses gain control of known pcs and user names and in turn send themselves to that infected's address book. So just use common sense. If you think it's fishy, it probably is. Delete it, I mean really, do you REALLY have to know what's in the message? It's not a do or die situation.
I've been in the IT industry for over 10 years and have seen so many pcs literally taken down because of users just not using common sense.
Golden rule: If you think it's fishy or hokey, don't open it. DELETE IT! Will save a lot of heartache later on down the road.
AR bassist, Ozark, AR (Sent Mar 27, 2007 2:15:52 PM)
HARRY, YAZOO CITY, MS
FIX YOUR CAPS LOCK BUTTON. CAPS LOCK IS NOT CRUISE CONTROL FOR COOL. And run some simple adware programs.
Koupa J, Orem Utah (Sent Mar 27, 2007 2:17:45 PM)
"Welcome my son. Welcome to the machine."
(Sent Mar 27, 2007 2:18:14 PM)
Remember that these bots and viruses are designed to work on Windows. The simple solution is to switch to Linux where the security is way better and these bots will die a natural death.
Jos, Chicago IL (Sent Mar 27, 2007 2:22:15 PM)
John from Oconomowoc had it right: it's time to abandon our defensive, patch-it-up posture and go on the offensive. I've wondered about the very same thing: can't we turn the tables on these scum and make their lives cyber-miserable?
John Messenger. Alexandria, Minnesota (Sent Mar 27, 2007 2:23:16 PM)
There is more money in botnets than there is in big oil.
This is real, I'm sure that the democrats will now want to pull out/off of the internet now. Just remember blame Gore for so called creating the internet !!!
Jim, Philadelphia (Sent Mar 27, 2007 2:23:35 PM)
Design the browsers to block all cookies automatically, never giving the users the option to accept. Program windows to block all incoming traffic, because with all these firms creating third party software they create a blind spot for users to trust automatic downloads. Almost every program you use nowadays wants to automatically update, that users don't know what is real or fake. Sometimes I have about ten programs downloading updates at the same time. Create RABS (revenge attack back programs) and allow users who get spammed to crash the attackers computers, that would allow the hijacked computer's user to know something is wrong.
PC mags. (Sent Mar 27, 2007 2:27:20 PM)
Almost forgot! For all webmasters very important! Absolutely never for any reason create a catch all email address. This empowers spammers to simply take domain names and apply any fake email with your domain name in front and spam you eternally!
Pc Mags. (Sent Mar 27, 2007 2:33:50 PM)
I think one of the big problems is when people download free software they never take the time to wonder why would these nice people write this software and give it for free. Answer it has spyware on it. wait till we have to anti Virus on our Cell phones :(
(Sent Mar 27, 2007 2:33:53 PM)
Unfortunately, the article is all too true. I fix computers and networks for a living and remove crapware from computers that have up2date anti-malware products from Symantec, McAfee, et al. Since all such products are signature based, they can only react to what they "know." The guys that write the crap also have the same up2date AV products that they test against. The adoption of MS Vista may improve things, but it is going to take years before it supplants all previous MS OS versions.
In the meantime, if you use Windows, use a browser and email client that is not from Microsoft - it will dramatically lower your risk. Also download and install the Comodo firewall and learn how to use it. All are free of charge.
(Sent Mar 27, 2007 2:39:23 PM)
Isn't getting a Mac another way of avoiding this? I've been told that the Mac operating system will not allow spyware to work.
Steve in Richmond, VA (Sent Mar 27, 2007 2:48:13 PM)
It is time to get real, the internet has become an undisposable factor in our daily lives worldwide.
A worldwide conference and possibly the creation of an "Internet United Nations" agency to combat the problem should be considered.
(No connection to the Existing UN ). Please!
This can be developed either by Software producers, or virus, adware, spyware, etc., protection software producers.
A small fraction of the billions spent on research and development should be set aside to support this entity, and possibly hire the geniuses who are creating this dilemma to undo it.
Humans created the problem and humans can fix it.
Victor Nicodeme, Hemet, CA (Sent Mar 27, 2007 2:48:55 PM)
Most of the vulnerabilities are in Microsoft products, right? Maybe this is why it is bad to allow one person/entity to accumulate too much power. Bill Gates is more interested in "winning" rather than creating secure operating systems. And, weak humans want to be on a winning team.
As Grandmaster Flash said: "Only the strong can survive."
Roberto from Boston (Sent Mar 27, 2007 2:51:40 PM)
I'll add that when you shut the system down for the night, also unplug the network cable going to the router. I have learned that there are ways for your system to be compromised even though it is off. Welcome to the electronic age. With people wanting an easier buck, it's no surprise that there's so much e-crime going on. Having a good firewall and A/V program helps, but also run several spy-ware programs during the day and continually clean your temp files and registries. There are several good (and free) registry cleaners out there. In the end, only the user can keep themselves from being part of the 'bot army'. Watch where you click!
Michael Henry, Tracy CA (Sent Mar 27, 2007 2:52:02 PM)
The punishment for convicted hackers must be great enough to deter the crime. If Asian countries chop off the finger of hackers - do you think that would deter criminals?
Is it possible to create a secure system? What about Macs and Linux?