Chapter 13: Hacking the Internet User

OVERVIEW

Way back in 2000, which, based on Intel co-founder Gordon Moore's postulations, is multiple generations of computer technology ago, we made a decision to include at the end of our second edition of Hacking Exposed an unobtrusive little chapter dedicated to the then unsensational but growing phenomenon of Internet client software exploitation by malicious hackers. At the time, we considered this somewhat of a risk for a book primarily focused on corporate IT securityhow would readers react to this detour into the land of the allegedly hapless and uninspiring end user? But based on the potential long- term impact of the issue, we stuck with the theme through two subsequent editions, hoping that someone, somewhere, would recognize the severity of the problems we documented and take steps to head off what was sure to be worldwide calamity.

Unfortunately, it appears no one did.

Today, "hacking the Internet user" has evolved into a veritable industry of its own. Worldwide malware writers (oftentimes in cahoots with certified criminal elements), spammers, and numerous "adware" peddlers of varying degrees of legitimacy have combined the time- tested technique of human trickery with an edgy technological sophistication to perpetrate wave after wave of scams against vast communities of newly minted Netizens, many of whom are barely cognizant that their innocuous -looking web browser, e-mail inbox, or favorite peer-to-peer communications software is in actuality an effective portal through which unsavory entities can enter directly into their homes and offices. Consequently, the public and private sectors have finally stood up and taken notice, with everyone, including traditional antivirus software firms, the U.S. government, nonprofit antifraud task forces, and even Microsoft, admitting the time has come to act.

That's why we've totally rewritten this chapter to bring you the most up-to date information from the frontlines of the battle against Internet end-user hacking. We started by updating our coverage of key Internet client software vulnerabilities, and we have added totally new sections on hot topics such as phishing, spyware, and Windows rootkits. We've also adapted our style and language to be even more direct and plainspoken than in other chapters, to reach the largest range of technical skill levels. So, whether you're an IT pro trying to shield your infrastructure from pillaging by a worm downloaded by an unsuspecting user, or a tech-savvy soccer mom who likes to swap pictures of her kids with friends and family online, we hope the material in this chapter informs a safer, more productive online experience.