The Internet is under assault from a new breed of criminal more insidious than ever before. These "cybercriminals" have infected up to 100 million PCs around the world, turning them into an army of willing criminal assistants known as "bots". Users often infect their own PCs by opening spam messages with malicious attachments or downloading malicious files from websites.

Almost every spam email you receive is sent by a bot, or hijacked computer. According to the Marshal TRACE team, 15 percent of the world's spam originates from hijacked PCs situated in the US. It is the biggest source of spam in the world.

If your computer isn't infected, there is a very high likelihood that another business associate's has been and is part of an army of bots - a botnet.

Users of infected PCs are unaware that they are acting as accomplices. Criminals who remotely manage the bots take great care in making sure the activity doesn't do anything that may notify the users of their presence.

How are they using the bots?

It is no longer a group of teenage malcontents hoping to create a little chaos that is responsible for spam and various nefarious email attacks. We are now dealing with sophisticated criminal organizations that are making millions of dollars by using botnets to launch their own illegal activities or by renting out their botnets to other groups so they can conduct their own illegal activities.

The Russian Business Network (RBN) is a Russian Internet Service Provider that is notorious for offering Web hosting services and Internet access to illegal and dubious businesses, including child pornography, phishing and malware distribution sites. RBN sells its services to cybercriminals for $600 per month. Its own earnings as a host alone are up to $US150 million a year.

Businesses that take active stands against such attacks are sometimes targeted by 'denial of service' attacks originating in the RBN network.

The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.

Other cybercriminals, such as Los Angeles man John Schiefer, create their own botnets and use them to host their own criminal activities which can range from spamming to personal identity theft and fraud.

Schiefer admitted to creating and managing a botnet of 250,000 computers. He infected the PCs with spyware and surreptitious computer programs, stole the identities of thousands of people and accessed their bank accounts.

It is unknown at this stage how much money Schiefer stole. He was found guilty of committing four counts of fraud and wiretap charges, fined and sent to prison.

Not surprisingly, the increasing sophistication and widespread use of botnets by cybercriminals coincides with a sharp increase in the distribution of more sophisticated spam.

Spammers are sending out more targeted attacks on business executives, such as C-level staff, that have privileged access to sensitive and valuable information about organizations and individuals.

Last year a 24-year-old Russian Igor Klopov was indicted in the US for stealing US$1.5 million from more than a dozen victims he selected from the Forbes 400 list of the world's wealthiest people.

How can I protect my systems?

Security experts agree that businesses need email and Internet security solutions that offer multiple layers of protection, beyond just identifying and blocking URL links known to contain malicious content. To learn more about Marshal's MailMarshal 6.4, WebMarshal 6.0 and EndPoint Security solutions click here.

User education is also critical. To stay abreast of the latest email and security threats, visit the Marshal TRACE site daily.