Personal computers that play unwitting host to zombie code are proliferating at a startling pace, according to a new report.
Incidents involving the malicious code, also known as bot code, reached 13,000 from April through June, according to a report from antivirus-software maker McAfee. That's quadruple the number tracked by the company in the previous three months. McAfee estimated that 63 percent more machines were exploited by bot programs and by spyware and adware — their slightly less insidious, but more common, cousins — in the first six months of this year than in the whole of last year.
Computer security experts have identified zombie networks, or networks of systems with bot software installed, as a rising threat to consumers and businesses.
Intruders can remotely control a network of infected machines to launch attacks on other computers and Web sites, spread spam and steal data, for example. Like most worms and viruses, zombie programs largely target machines running Windows.
Spyware and adware also implant themselves surreptitiously on the computers of unsuspecting victims. But unlike zombie programs, they are mainly designed to report users' browsing habits and deliver pop-up ads. Such programs have become the scourge of the Internet, often frustrating people's Web experience and tying up their computers' processing power.
Public outcry over such programs has reached lawmakers' ears. Several anti-spyware bills are under review by Congress. The US Federal Trade Commission and its counterparts abroad recently announced that they'd urge Internet Service Providers to crack down on zombie perpetrators. New York Attorney General Eliot Spitzer filed suit against Web marketer Intermix Media in April, charging it with being a source of adware and spyware programs that hinder online commerce and security.
But McAfee remains pessimistic about the fight against what it calls "potentially unwanted programs".
"There are four anti-spyware bills working their way through Congress to help tackle this growing problem, but we believe the problem is only going to get worse," Vincent Gullotto, a McAfee vice-president, said Monday in a statement.
McAfee also said it saw a 12 percent increase in the number of new unwanted programs created in the past three months, compared with the previous three months.
The reported number of overall computer security vulnerabilities climbed about 5 percent in the second quarter, compared with the same period last year, exceeding 1,000 on various computing platforms, the company said.
A growing number of attacks are being launched with the goal of financial gain, McAfee noted. Some attackers use programs to steal financial data, while others attempt to hold a person or group ransom by gaining complete control over a machine or network.
McAfee also warned that researchers have discovered a new method for hacking mobile phones using the Bluetooth wireless protocol. The technique allows an attacker with special equipment to connect to a Bluetooth handset without authorisation.
Talkback
Reality is that much of the information security relies on "that people should do this" and "that people shouldn't do that". All the law making in the world won't help here. Unless you like watching people jumping thru hoops all of the time.
What's needed is a multi-angle approach.
As long as there's more profit to be made from selling, maintaining or allowing unsafe things then that lack of realistic liability will maintain the status quo accross the board. And which consumer could hope to circumvent that? Not many, that's for sure.