A quarter century of tech bugs

Hackers no longer want to share poetry or wipe your hard drive clean. After all, if a virus erases disks, it erases itself – and the opportunity to take advantage of unsuspecting computer users would be lost.

Now viruses can infect computers and the user might never know. Digital beasties such as "rootkits" burrow deep into operating systems. "Spyware" lurks behind the scenes, quietly sending passwords or other data to hackers. "Bots" can even allow hackers to take over systems. Once "bot herders" lasso enough computers, they can order thousands of hijacked machines to stampede networks, overwhelming websites and possibly blackmailing the companies that run them.

Bots in particular are hard to track down because they are often international in scope, says Dave Marcus, security research and communications manager for McAfee's antivirus lab in Santa Clara, Calif. A herder can operate in Romania, commandeer a computer in China, and then attack a network in the United States.

In fact, he says, 80 to 90 percent of all spam comes from infected machines.

Another major change from the hobbyist phase to today's era of full-time criminal coders: sheer volume.

In 2002, McAfee's antivirus team found 100 new malware designs each week, says Mr. Marcus. Now, the Internet snoopers discover 125 to 175 new codes every day.

Hackers caused $13.3 billion in damages last year, according to a report released last month by Computer Economics, a digital research firm in Irvine, Calif. But thanks to wider adoption of security software, that number is down from $17.5 billion in 2004.

One challenge in fighting malware is that current antivirus measures are still largely reactive. Once a company spots a problem, it can take days or weeks to plug the hole – plenty of time for viruses to slip in.

Of course, the biggest problem is not the computer's defenses, it's the people using the machines, says Richard Ford, director of the Center for Security Science at the Florida Institute of Technology in Melbourne, Fla.

"Humans are always going to be the weakest link," he says. "If a hacker can convince you to download a malicious file or, better yet, trick you into deleting good files, then it doesn't matter what precautions you have in place."

A future threat: cellphone viruses

Antivirus experts agree that it's just a matter of time before cellphone viruses reach US shores. They already exist in England and Japan, where mobile phones play a bigger role in everyday life.

"One thing protecting Americans now is that there is no dominant cellphone standard," unlike on computers, where Microsoft Windows enjoys a 90 percent market share, says Ramzan. However, "I wouldn't be surprised if something came up soon to attack the BlackBerry."

Earlier this week, a team of security advocates claimed to have cracked Apple's month-old iPhone, allowing hackers to swipe personal information from users.

The development is a sign that computer viruses will stalk networks long after this silver anniversary fades.

"Fifty years from now we'll still be plugging away," says McAfee's Marcus. "But let me say this: We're at the front lines of this fight, and even though there is so much that we deal with, even we don't think it's doomsday."

Page: 1 | 2