Internet security has deteriorated markedly this year as a new generation of invasive computer attacks, often masterminded by criminal gangs, has reached a heightened level of sophistication, according to the latest studies of online threats.
“It’s getting worse year after year,” warned Pat Peterson, chief security researcher at Cisco Systems, who blamed the deterioration on the fact that computer “hacking” is quickly turning into big business. “Capitalism is working against us,” he said.
“It’s a step back after things had gotten better,” added John Pescatore, a security analyst at Gartner.
In particular, computer security experts warn that so-called botnets, or networks of “slave” PCs whose owners do not know their machines have been infected, have become both more prevalent and sophisticated.
By planting a piece of software on an unguarded PC, criminals are able to assemble large networks of machines to carry out tasks for them, such as launching attacks on other internet users.
PCs that are part of botnets, some of which span 1m or more machines, have become harder to identify and root out in recent months as the rogue software has burrowed deeper into the machines, said Paul Wood, a senior analyst at MessageLabs.
Botnets have also become more dangerous as their controllers have learnt how to repurpose the slave networks to carry out different tasks, Mr Peterson said. One network that was originally used to steal users’ passwords and send out spam was given an overhaul this year so that it could attack legitimate websites, according to Cisco.
A second big new threat that has become notable this year has been the commandeering of legitimate websites and e-mail accounts to spread malicious software. Rogue software is used to scrutinise public websites and “inject” code into those that are found vulnerable, so that later visitors to the sites can be infected.
The setback for internet security follows several years in which the biggest online threats were successfully held at bay or, in some cases, pushed back. The use of the internet to exploit vulnerabilities in millions of PCs first emerged as a significant threat in 2001, after an outbreak of fast-spreading computer viruses and worms.
Those threats were largely thwarted after a concerted effort by Microsoft and other software makers to plug flaws in their code, and after anti-virus software became more widely used. A subsequent wave of spyware that emerged in the middle of this decade was also pushed back.
However, the prospect of making large amounts of money by stealing sensitive information from millions of users, such as their passwords or financial data, has led to a new and more insidious outbreak of mass internet attacks.
Copyright The Financial Times Limited 2008