March 31, 2009 -- One false click and a stranger can take over your computer.
Experts estimate 10 to 15 percent of personal computers in the U.S. have been taken over and harnessed together into powerful illegal computing tools called "botnets." Some experts believe these botnets are so massive that the criminal hackers who run them have more computing power than the U.S. government.
"It's a very dangerous tool," said Chris O'Ferrell, a computer security consultant and an "ethical hacker."
O'Ferrell and two other computer security experts showed ABC News how criminals can easily gain access to your computer. You open an unknown e-mail attachment, which infects your computer with a virus. The virus hijacks your computer, harnesses its processing power for its own purposes, and then links your computer with hundreds of others to essentially create a supercomputer -- the botnet.
With a click, hackers can see everything you do online -- including your passwords and bank balances. Theoretically, they can even watch movements you make around your own home, if your computer has a Webcam attached to it. Most owners never know their computer is under someone else's control.
"This is organized crime at a global level that is in control of these botnets," O'Ferrell said. "It is a very profitable and very powerful tool, and they are going to use it as much as they can until somebody stops them."
Criminals use botnets to send out 80 percent of the world's spam, to steal people's financial identities and to crack codes that allow them to make massive data breaches. Criminals also use botnets to send overwhelming amounts of data to companies' Web sites.
The data overload causes the companies' servers to crash. And then the crooks demand a ransom before allowing the Web site to get back online again. This is called a "denial of service" attack and was even used as a form of warfare during Russia's conflict with Georgia.
"It is a serious threat because the cyber criminals recognize that by harnessing the power of tens of thousands or hundreds of thousands of computers, they have that many more opportunities to get to you," said Shawn Henry, chief of the FBI cyber crime division.
Botnet: A collection of computers that hackers have taken over and harnessed together into an illegal supercomputer used to commit crimes.
Bot: Short for "robot." A single computer in a botnet.
Zombie: Another name for a single computer whose "brain" is now being used by outsiders somewhere.
Bot Herder: A criminal hacker, often based in Eastern Europe, who has amassed a collection of computers that do his bidding.
Cyber Crooks Attack Outdated Computers
The cyber crooks have created programs that troll the Internet 24/7 looking for their next victim. ABC News connected a computer with outdated virus protection to the Internet. Within 15 minutes, a computer in Alabama tried to take it over. At the 40-minute mark, another attack occurred, this time from China.
ABC also experimented by opening a suspicious e-mail attachment. Within two seconds a malicious program lodged itself on our computer, then turned off our security system to clear a path for itself and tried to communicate with its master.
"It has made several requests, trying to phone home to the criminals to try to figure out what's the next step that it should take," said computer security consultant Arion Lawrence.
Experts estimate crooks commandeer hundreds of new computers every minute. Colin Christian of Arlington, Va., knew his computer had a tricky virus, but didn't know it was about to be taken over by crooks until our experts analyzed it for him. His computer had what's called a "rootkit" virus, a virus that hides deep in the root of your computer and opens back doors to let other malicious programs in.
Each time Christian tried to go to a well-known anti-virus Web site, his infected computer either told him the Web site was unavailable or redirected him to another Web site he had never heard of that also claimed to sell anti-virus software -- software he had never heard of and wasn't sure was legitimate. One of the most common scams right now involves fake anti-virus software that takes over your computer instead of protecting it.
"I would like to find those people and have a few words with them about that," Christian said. "I feel targeted."
There was a time when we only had to worry about criminals in our own neighborhoods. But now, thanks to the Internet, crooks half a world away can invade our homes.
Fighting Back Against Botnets
If your computer is suddenly running very slowly, even though you don't have many programs open, that may be a sign that somebody else is using your machine's computing power for other purposes. One way to check is to close every program, especially e-mail, and then hold down control, alt and delete keys at the same time. Choose "task manager," then choose "performance." If the graph shows that a large percentage of your computer's processing power is in use, even though you aren't really doing anything, that may mean your computer is being used by somebody else. Also in task manager, you can check the "networking" tab, and if your Internet connection is in heavy use even though you closed your e-mail, that's another sign of an invasion.
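The same idle check can be run as a script instead of watching the Task Manager graphs. The following PowerShell script is an added example, not part of the original article; the thresholds, the one-minute sampling window and the English counter names are assumptions.

```powershell
# Added example: measure CPU and network use while the machine should be idle.
# Close every program first, as the article advises. Thresholds are assumptions.
param(
    [int]$Samples = 12,             # number of samples to take
    [int]$IntervalSeconds = 5,      # seconds between samples (12 x 5 = one minute)
    [double]$CpuThreshold = 25,     # assumed: average % CPU that is suspicious when idle
    [double]$NetThreshold = 102400  # assumed: average bytes/sec that is suspicious when idle
)

# These are the figures Task Manager graphs on its Performance and Networking tabs.
# Counter names are the English ones; localized Windows uses translated names.
$counters = '\Processor(_Total)\% Processor Time',
            '\Network Interface(*)\Bytes Total/sec'
$sets = Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $Samples

$cpu = @()
$net = @()
foreach ($set in $sets) {
    $cpu += ($set.CounterSamples | Where-Object { $_.Path -like '*% processor time' } |
             Measure-Object -Property CookedValue -Sum).Sum
    # Add up traffic across all network adapters.
    $net += ($set.CounterSamples | Where-Object { $_.Path -like '*bytes total/sec' } |
             Measure-Object -Property CookedValue -Sum).Sum
}
$avgCpu = ($cpu | Measure-Object -Average).Average
$avgNet = ($net | Measure-Object -Average).Average

Write-Output ("Average CPU while idle:     {0:N1} %" -f $avgCpu)
Write-Output ("Average network while idle: {0:N0} bytes/sec" -f $avgNet)

if ($avgCpu -gt $CpuThreshold -or $avgNet -gt $NetThreshold) {
    Write-Output "Sustained activity on an idle machine. Processes with the most CPU time:"
    # CPU here is total processor seconds since each process started, not a live rate.
    Get-Process | Sort-Object CPU -Descending |
        Select-Object -First 5 Name, Id, CPU | Format-Table -AutoSize

    Write-Output "Established connections and the process that owns each one:"
    # Get-NetTCPConnection requires Windows 8 / Server 2012 or later.
    Get-NetTCPConnection -State Established |
        Select-Object RemoteAddress, RemotePort, OwningProcess,
            @{ Name = 'Process'; Expression = {
                (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
        Format-Table -AutoSize
} else {
    Write-Output "No sustained CPU or network use seen during the sampling window."
}
```

A rootkit can hide its processes and connections from these tools, so a quiet result does not prove the machine is clean.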
If your security software alerts you that you have a "rootkit" virus, beware. Rootkits are extra devious viruses that hide themselves deep in the root of your computer and then open a "back door" for other malicious programs to enter. A computer with a rootkit virus is one step away from being taken over. Rootkits are designed to be difficult to detect, just like botnets.
In extreme cases, your computer may lock up for hours at a time because it is so busy doing the "bot herder's" bidding. Eighty percent of the world's spam is sent using botnets, so if your computer has become a spam sender, your Internet service provider could actually blacklist you.
Check your e-mail "sent" box. Are there messages there that were not sent by you? That's a big, bad sign that somebody is using your screen name to send spam.
How can you keep your computer from being taken over?
Assume your computer is a target. Crooks don't personally come looking for innocent computers like yours, but they have created programs that constantly troll the Internet for them. One hour online without your virus protection turned on is enough to get nabbed by one of these roving programs.
If you have a PC, keep your Windows patched and up to date. You know those annoying pop-ups that say "A Windows update is available. Do you want to download it now?" Yup. You need to do it. Most infections happen to computers that have not been patched.
Install a well-regarded security suite (anti-virus, anti-spyware, etc.) and make sure it is set to a mode that automatically updates continuously whenever the computer is on. Then, buy the new subscription every year to make sure you are still protected. Last year's security software won't cut it. For that matter, last week's won't protect you either. Malicious programs crop up constantly.
Don't leave your computer on. If it's connected to a high-speed Internet connection, that just gives hackers more opportunities to access it. And once they take it over, it gives them more time to use your machine's computing power for their own ends. Turn your computer all the way off at night and before going away. "Sleep" mode is not good enough.
Install a router. Usually they're used in homes where there is more than one computer, but it's worth buying one even if you only have a single machine because they have built-in firewalls in them. It's a cheap way to remove your computer one step from the open Internet. The router is connected to the Internet instead, and your computer is behind that.
If you don't use a router, then buy a software firewall.
Download free software selectively. Know the source of the software and that it is safe. Never take a gamble. One of the biggest new cyber scams out there involves fake antivirus programs created by crooks that actually take over your computer instead of protecting it.
Practice safe computing. Don't click on attachments unless you know who they are from. Don't even open spam e-mails. Just delete them. Never, ever respond to an e-mail that claims to be from a financial institution and asks you to verify your personal information. And don't click on pop-ups unless you know they are safe. (One way to tell if a pop-up is questionable is to hit the "escape" key when you see one and see if that makes it go away.) Don't visit questionable Web sites that may harbor viruses that can then worm their way into your computer and take it over.
Macintosh computers are not immune from malicious Internet programs, but they are targeted far less often. So, statistically speaking, your chances of staying safe are better if your computer is a Mac.
Try less common Internet browsers and e-mail systems. Again, it's a numbers game. Since Internet Explorer and Outlook Express are so widely used, hackers target them. Instead, you could try Mozilla's free Firefox browser and Thunderbird e-mail program, or the free Eudora Internet Suite.
How can I fight back if my computer is already part of a botnet?
Replace your security system or use more than one at a time. If you have antivirus protection, obviously it has let you down. Some experts estimate that even the best antivirus programs fail to detect 80 percent of malicious programs, simply because the crooks develop new ones every few minutes. So, you can increase your chances of rooting out the virus that led to the botnet by trying out multiple security software packages. Many are available for free on the Internet. Just be sure the ones you try are legitimate. Check out a site like Cnet.com for advice.
There are programs designed to find botnets. Trend Micro makes a program called RUBotted and SRI International offers BotHunter.
Back up your data early and often. That way, if bot herders do take over your computer, you will be able to wipe it clean, then restore your personal files to your computer afterward. An external hard drive or a remote storage system works well for this.