London, Dec. 3 (Reuters): Security experts have identified what they suspect to be the biggest culprit behind that seemingly unceasing torrent of e-mail spam messages and computer virus outbreaks.
The unwitting culprit, they say, is the home user with a broadband, or always-on, connection. In fact, it could be you.
Viruses and related “worms” typically target computers that run on Microsoft Windows and have a high-speed broadband connection. In the past six months, a new generation of bug has emerged that contains a so-called “trojan” programme which discreetly installs itself into the innards of the PC.
An effective “trojan” gives the author near complete control of a victimised machine — almost always a computer that is not equipped with proper firewall and security software.
The result is that the computer becomes a “zombie” ready to carry out any nefarious command.
Once hit, a computer user would never suspect that through their machines flow waves of spam and e-mail-borne viruses, experts say.
Some machines have even been commandeered to participate in debilitating “denial of service” attacks, sending a flood of data requests capable of knocking an Internet company offline.
The fast-spreading Sobig.F virus this summer was the first to do this, experts said.
Suresh Ramasubramanian, manager of Hong Kong-based e-mail filtering company Outblaze, said the volume of spam his firm has intercepted has exploded since Sobig.F emerged in August.
Increasingly, it appears to be average home users whose PCs send out discounts for Viagra and penis-enlargement offers. “These are your typical church-going people,” he said.
With countries outlawing spam and even setting criminal penalties and fines, some industry observers wonder if ordinary computer users will get caught up in a dragnet.
“Almost a third of all spam is being sent from hijacked, innocent computers,” said Graham Cluley, of British virus and spam-filtering firm Sophos. “What happens if it’s actually grandma or little Timmy’s computer sending out the spam?”
British police recently warned that crime syndicates, many in eastern Europe, are using denial of service attacks to blackmail businesses, threatening to knock them offline unless they pay a small fee.
These groups are honing their virus-writing skills to build up an army of machines to use at their beck and call, investigators say. For now, sending spam through an affected machine is more common.