"Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use."
This piece was written by Brian Krebs back in 2009 while he was working for the Washington Post, and he has recently revisited the subject and updated it (see the link at the end). Before I read this I wasn't aware of even half of the ways in which a hacked - or, more properly, 'pwned' - PC can be put to use by a remote hacker. We all know about botnets because there is endless talk about this or that botnet, but most of the time the concentration is on the size of the botnet, usually in relation to one of the well-known ones like Kelihos. There is less discussion of what the botnet slaves (zombies, some people call them) have been instructed to do. Most of the recent botnet discussions have focussed on their use in DDoS (Distributed Denial of Service) attacks against websites - including against Brian Krebs' own site. This article is a reminder that there are penty of other things that a zombie PC can be used for. Anyone want to run the risk of hosting a child pornography server on their PC? No? Then read this article (and the recent update) and follow the advice in my Volunteer Spotlight post (advice which comes from this Brian Krebs article) -
Keep all your software up to date. There are hundreds of new malware variants coming on the scene every day, and if you don't, and you're unlucky, one of them will find you.
Read Microsoft's Ten Immutable Laws of Security at
Keep in mind the 'Four Basic Rules for Online Safety' (from Brian Krebs' blogs). They're listed at
To keep your software up to date there is a free program from Secunia - PSI (Personal Software Inspector) which unfortunately requires you to install Java. "Unfortunately" because Java is one of those things that you should get rid of unless you really need it, or websites you frequently go to won't work properly without it (and there aren't too many of those).
For the 2012 update, see http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/