More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows.
Six months ago only 2,000 Windows machines per day were being recruited into these so-called bot nets.
Experts say the numbers are growing quickly because the
remotely controlled networks are so useful to people who profit from hacking and virus writing.
The figures came to light in Symantec's biannual Internet Threat Report which traces trends in net security.
Nigel Beighton, a member of Symantec's Threat Team, said
the number of PCs being enrolled in these networks was the stand out statistic for the latest report which covers the first six months of 2004.
The peak of new recruits was 75,000 in one day.
This high watermark was hit when the creators of the
MyDoom and Bagle viruses were conducting an online war that resulted in many different versions of their malicious programs being released.
Once created the networks of zombie PCs are used as
anonymous relays for spam, to launch denial of service attacks on websites or simply to steal confidential information about a PC's owner.
Mr Beighton said the methods used to recruit PCs marked a significant change in the activity of virus writers and malicious hackers.
Vulnerabilities are now exploited in 5.8 days on average
1,237 vulnerabilities came to light in the first six months of 2004
95% of these vulnerabilities were rated very severe or above
4,496 Windows viruses were detected in the first six months of 2004
This number is four and a half times as many as in 2003
Latvia, Macau and Israel are the top three sources of attacks
In the past many people wrote viruses to gain notoriety
or "bragging rights" among their peers. Status in such groups revolved around the number of machines infected and how fast a virus spread.
However, said Mr Beighton, because the bot nets are
being put to many outright criminal uses, the writers of the programs that create the networks are happy for their creations to stay out of the limelight.
"When you look at the statistics you see that the level
of attacks continues about the same level," he said, "what has changed is how they are operating."
"We're seeing increased use of backdoors and worms
written in technically accomplished ways so they do not give themselves away," he said.
The Sasser worm was a good example of this new trend, said Mr Beighton.
That virus did not spread particularly quickly, yet managed to find and recruit many thousands of machines.
What has also fuelled the rise of the bot nets is the
willingness of virus writers to share their malicious code so it can be altered and re-used by others.
As a result there are now some viruses that are
appearing in a bewildering number of guises. For instance there are now more than 200 varieties of the Gaobot worm.
Mr Beighton said that although many net service firms were working hard to find and clean up compromised machines, many thousands were still in place because they are not yet active or only activate infrequently.
It was too early to say whether Microsoft's SP2 update
for Windows XP was going to make a difference to the numbers of PCs being recruited into bot nets.
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
"Getting those people to upgrade and improve their security is going to make the difference," he said.