Features

Internet threats such as computer viruses and hackers are deeply concerning. According to a report by anti-virus company Grisoft, 87 per cent of British citizens are worried about having their money stolen online. Grisoft found that people were more worried about cybertheft than burglary, assault or robbery. But how realistic are these fears?

It's tempting to think that viruses are written by spotty teenagers, that hackers are a Hollywood fantasy, and that spam is a threat only to those idiots who can't tell the difference between real email and fraudulent adverts for Viagra and pornography. However, as we will see, these stereotypes are completely outdated. Organised criminals are now using the internet and the latest hacking techniques to defraud regular users on a systematic basis. A new underground economy has evolved where our personal details are traded for cash on the internet. Criminal organisations provide services to others in a perverse mirror image of legitimate business. They even sell hacking tools in a web-based arms market.

Sometimes gangs engage in cyberwarfare, squabbling over territory. Instead of fighting over street corners and smuggling routes, they struggle to control large groups of home users' computers. These include the PCs and Macs that we use on a daily basis. Security firm Symantec claims that 90 per cent of targeted attacks on the internet are aimed at home users.

Spam tactics

Before we explore the underbelly of cybercrime, we need to classify

ADVERTISEMENT

the main internet threats that most of us face on a daily basis. Some, such as spam, seem fairly innocuous. This is because many people still assume that spam is about sending dodgy adverts by email. In fact, spam refers to any unsolicited email. This type of email can be far more sinister than special deals on Viagra.

Increasingly, spam is being used to deliver bad software directly to victims' desktops, links to infected sites and invitations to participate in a scam. For example, 'pump-and-dump' schemes involve distributing tips that encourage victims to buy shares in a company. When the price rises the fraudsters sell, thereby making a profit. The stock price drops following the sale, a situation made worse by the fact that the fraudsters are no longer hyping it, and the victims are left holding shares worth far less than their initial investment.

Spamming techniques are also used to distribute emails that purport to come from banks and other financial institutions. If you click on the links embedded in these emails, you won't end up at your online bank's login page, although you'll think you have. These so-called phishing emails direct victims to convincing but fake copies of websites. Anyone who then enters their username and password will be handing valuable information directly to the criminals.

Drive-by downloads

You don't always need to enter any information to fall foul of a website. A website infected with spyware can attempt to download bad programs on to your PC. This type of attack has evolved to the point where the attacker no longer has to trick victims into installing Trojans, such as fake video-playing software. The software is quietly and automatically installed on the victim's system, and the user is none the wiser.

Spam can be used to direct you to spyware-infected sites under the control of the bad guys, but increasingly attackers are upping their game and infecting legitimate websites. In March 2008, anti-virus company Trend Micro's website was infected with malicious code that redirected visitors to spyware-laden sites in China.