In a word, worry
Beware malware, the legions of computer viruses
File under: As If We Didn't Have Enough To Worry About.
"Malware," short for "malicious software," just replaced "monetize" as my new favorite word. Malware is the umbrella term for the legions of viruses and other evils that do their best to ruin our computers. My second new favorite word is "bot," a type of malware that, without the owner's knowledge, allows an attacker to gain total control over a computer with the presumable intent to sell our most sensitive information to other bad guys for long money.
What are we talking about here? In 2007, malware use equaled the combined total over the previous 20 years. Today, the take from global electronic fraud runs in the hundreds of billions of simoleons.
So what is the going rate for the guys who want to steal and sell your private information to other parties? Let's see, 10,000 compromised PCs will run you $1,000. Bank account credentials start at $50. Malware installation on PCs costs 30 cents apiece in the United States and 10 cents in the United Kingdom. You can rent a kit to create your own bot application for $1 an hour, $5 for five hours.
Bad guys will pay $250,000 for access to a big server with gaping security holes in it. Access to Mozilla - my Mozilla - goes for a mere $500. And the targets are damned near infinite: There were 230 million unique users from Facebook and MySpace from June 2007 to June 2008. If they were a country, they'd be the fourth-most populous in the world. (I just love that factoid.)
The Observer learned all this in a riveting, bloodcurdling conversation last week with Throop Wilder, a cofounder of Crossbeam Systems, a Boxborough-based computer security firm that helps protect large companies and governments. The above statistics, by the way, come from Crossbeam's own research. (Truth in advertising: Wilder is a friend who is way, way smarter than I am.)
The gap between the needs of home users and corporate users has never been wider, he says. Home users are far more vulnerable than businesses in part because of our lackadaisical security behavior. We install a security package and then pretty much forget about it. In contrast, says Wilder, "Businesses are starting to put into place enough protections so that 97 percent of threats don't make it through."
"If at home you get compromised in some way, is it the server's responsibility to protect you, or is it your responsibility?" he asks. "Providers say, 'I'm providing the road, not guards in front of your house.' "
A huge threat comes from the way kids use computers today. They wander into any website they want, oblivious to the dangers. They live open lives on Facebook and MySpace, which, despite security systems, pose a malware delight for evil ones. Security is simply not on a kid's radar screen - I know because I've raised the issue with my daughter. They have not yet experienced the consequences of having their identity stolen.
Adults: Be afraid, very afraid, of the websites your kids will visit when they borrow your computer. It will be your computer that gets compromised without your knowing it. Also, when kids apply for jobs, their Facebook profiles will be available for employer background checks. Remember the pix of the wet T-shirt contest and the Jello Shots competition?
Hackers used to create viruses and infiltrate them into others' computers all by themselves. This used to be about ego. No more. Now it's a business.
Malware malfeasants now use subcontractors to get the job done. A virus writer who is based in Russia passes his bots off to a group based in Asia to market them, while the financial transactions take place in Brazil. The money involved is purposely small - say, $40 at a pop - to avoid detection by Internet police, but multiply the 40 bucks a few millions of times and, as the late Illinois Senator Everett Dirksen was alleged to say, pretty soon you're talking about real money.
Hacking has become a full-time job too. "The pattern of releases by hackers suggests that virus writers come in at 9 and leave at 5," says Wilder. "Then it's: 'Hi, honey, I'm home.' The wife asks, 'How was your day?' He says, 'Oh, fine, I wrote a few viruses.' "
Three percent of all computers in the world are compromised with bots, according to
An airport is a Russian Roulette of a place to use a laptop, he warns. The facility is home to robust "spoofing," where a bad guy sitting in an airport chair can use his laptop to advertise "Free Wi-Fi Here" to those seeking to link up. He draws scads of people to his network and passes them on to black marketeers. You're trusting your security to a server that you know nothing about. "These are great big doors for hackers to get past," says Wilder.
Boston's Logan International Airport offers Wi-Fi for $7.95 a day. Great. Wi-Fi access adds up if you're paying a similar figure at two other airports you pass through that day. But folks who refuse to pay the price unwittingly enter the killing fields.
Here's another terrifying statistic: Wilder says there may be, on average, one bug, or hackable mistake, per 100 lines of written code. Others put it at thousands of lines. Either way that's an awful lot of bugs.
The gloomiest among the computer security sachems think the problem is so pervasive that we'll just have to figure out how to survive in a world of infected computers. Whoever figures out how, says Wilder, "will make a zillion dollars."
Sam Allis's e-mail address is allis@globe.com


