It Gets Worse

For many reasons, you don’t want a script kiddie, or anyone else, to gain access to your machine. These reasons are pretty much the same as the reasons you don’t want anyone to gain access to your house. There also are less obvious, but equally important, reasons. The main one is:

You may never know that someone has gained access to your computer let alone what they’re doing or have done with the access they’ve gained.

Some attackers just leave some sort of calling card (“Kilroy was here!”) and don’t do anything malicious. But other attackers are much more subtle. They may implant an invisible file or application (often called a Trojan horse) on your machine that could do all sorts of bad things at some unknown time. For example:

· The hidden application could spy on everything you’re doing and then make that information available to the attacker over the Net. It could notice what Web sites you go to, for example, or read your e-mail along with you. Worse yet, it could copy the passwords you type to access Web services or steal the credit-card numbers you enter in supposedly secure Web sites.

· The application could be used to send spam or conduct other such illegal activities. As Internet providers crack down on spam sending and similar activities, Net no-good-doers need to find and take over alternate machines to carry out their activities.

· The application could be used to obtain email addresses to be used for sending spam or in email attacks. It could read through your address book and any emails you’ve kept on your machine, and make those email addresses available to spammers. So you could end up being a principal cause of your friends getting spam.

· The hidden application could be used to launch an attack on another machine. Attackers often cover their tracks by launching attacks indirectly, through a series of machines, sometimes in different countries. Then, when someone comes looking for the attacker, they find you instead. Although you may not be legally liable for the misuse of your machine in this situation, we don’t think any of us wants to have the FBI or other law-enforcement agencies knocking on our door.

· The application could be used in concert with similar applications implanted on other machines for more advanced, distributed attacks. The most popular of these is known as a distributed denial-of-service attack. Your machine, and hundreds or even hundred-thousands like it, could be used as part of a coordinated "botnet" to flood a particular Web site with traffic, effectively denying the services of that Web site to legitimate users. Over the years, attacks have been launched successfully against several major Web sites, including Microsoft, Yahoo! and CNN. Not to mention at least one serious attempt against the White House. And the FBI did go around knocking on a lot of doors.