Last September, more than 100 people were arrested in the US, UK, and Ukraine as part of an international cybercrime ring that allegedly stole more than $70 million from victims' bank accounts. In terms of online security, though, the arrests meant almost nothing.
The thieves' main tool was a botnet—a remotely controlled network of infected computers that spreads via web pages and email. The best efforts to destroy these zombie armies have failed; botnets continue to thrive, sending daily bursts of stolen info (yes, possibly including yours) to servers around the world.
Online criminal organizations are growing more diverse, often operating with near-impunity in places like Russia, where stealing from US citizens seems not to count as an offense. According to security firm Websense, the number of malicious web pages jumped 111 percent from 2009 to 2010. Nearly 80 percent of those were legitimate sites hacked to serve up malware. When you visit an infected site, it scans your computer for unpatched software. If it finds a hole, it drops in the remote control.
"It takes just that one click on a bad bit.ly link and criminals have access to all your data," says Paul Ferguson, a senior threat analyst for TrendMicro.
Antivirus software helps, but it can't keep up with the speed of malware mutation. Avoiding the net's red-light district isn't enough, either, as criminals are infecting pages tied to top Google searches and Twitter topics. "It's now slightly more dangerous to search for news than for adult content," says Patrik Runald, research head at Websense.
Facebook isn't safe either. Forty percent of updates there contain links, and 10 percent of those are spam or malicious attacks.
Smartphones are likely the next target, since people have begun banking from them. "As soon as financial transactions are being made on a device, the criminals will be there," Ferguson says.
For now, experts recommend running patch-checking tools like Secunia PSI as a complement to your antivirus software. Windows PCs remain the most vulnerable, mainly due to their ubiquity. But attacks are targeting Macs, too, as they become more widespread. For true security, Runald suggests buying a cheap Linux netbook for banking.
Of course, once that becomes common, the botnets will follow.
