March 31, 2009— -- One false click and a stranger can take over your computer.
Experts estimate 10 to 15 percent of personal computers in the U.S. have been taken over and harnessed together into powerful illegal computing tools called "botnets." Some experts believe these botnets are so massive that the criminal hackers who run them have more computing power than the U.S. government.
"It's a very dangerous tool," said Chris O'Ferrell, a computer security consultant and an "ethical hacker."
O'Ferrell and two other computer security experts showed ABC News how criminals can easily gain access to your computer. You open an unknown e-mail attachment, which infects your computer with a virus. The virus hijacks your computer, harnesses its processing power for its own purposes, and then links your computer with hundreds of others to essentially create a supercomputer -- the botnet.
With a click, hackers can see everything you do online -- including your passwords and bank balances. Theoretically, they can even watch movements you make around your own home, if your computer has a Webcam attached to it. Most owners never know their computer is under someone else's control.
"This is organized crime at a global level that is in control of these botnets," O'Ferrell said. "It is a very profitable and very powerful tool, and they are going to use it as much as they can until somebody stops them."
Criminals use botnets to send out 80 percent of the world's spam, to steal people's financial identities and to crack codes that allow them to make massive data breaches. Criminals also use botnets to send overhwhelming amounts of data to companies' Web sites.
The data overload causes the companies' servers to crash. And then the crooks demand a ransom before allowing the Web site to get back online again. This is called a "denial of service" attack and was even used as a form of warfare during Russia's conflict with Georgia.
"It is a serious threat because the cyber criminals recognize that by harnessing the power of tens of thousands or hundreds of thousands of computers, they have that many more opportunities to get to you," said Shawn Henry, chief of the FBI cyber crime division.
Cyber Crooks Attack Outdaded Computers
The cyber crooks have created programs that troll the Internet 24/7 looking for their next victim. ABC News connected a computer with outdated virus protection to the Internet. Within 15 minutes, a computer in Alabama tried to take it over. At the 40 minute mark, another attack occurred, this time from China.
ABC also experimented by opening a suspicious e-mail attachment. Within two seconds a malicious program lodged itself on our computer, then turned off our security system to clear a path for itself and tried to communicate with its master.
"It has made several requests, trying to phone home to the criminals to try to figure out what's the next step that it should take," said computer security consultant Arion Lawrence.
Experts estimate crooks commandeer hundreds of new computers every minute. Colin Christian of Arlington, Va., knew his computer had a tricky virus, but didn't know it was about to be taken over by crooks until our experts analyzed it for him. His computer had what's called a "rootkit" virus, a virus that hides deep in the root of your computer and opens back doors to let other malicious programs in.
Each time Christian tried to go to a well known anti-virus Web site, his infected computer either told him the Web site was unavailable or redirected him to another Web site he had never heard of that also claimed to sell anti-virus software -- software he had never heard of and wasn't sure was legitimate. One of the most common scams right now involves fake anti-virus software that takes over your computer instead of protecting it.
"I would like to find those people and have a few words with them about that," Christian said. "I feel targeted."
There was a time when we only had to worry about criminals in our own neighborhoods. But now, thanks to the Internet, crooks half a world away can invade our homes.