While attackers are using viruses and worms to pave the way for spammers, virus authors also are also starting to use infected computers to release their wares and cover their tracks, said Craig Schmugar, virus research engineer for Network Associates, an anti-virus company based in Santa Clara, Calif.
"The line between spam and viruses will become even blurrier in the months ahead," Schmugar said.
Too Many Patches
Internet security officials regularly urge consumers to practice safe computing, such as making sure they regularly update anti-virus software and deploy the latest security fixes from software firms like Microsoft.
But even the savviest computer users can't always keep up with the large number of security patches issued every year. Most Internet worms spread by exploiting unpatched security holes in software and operating systems. This year, as in the past, the big target has been Microsoft, whose Windows operating system powers more than 90 percent of the desktop PCs on the planet.
The "Slammer" worm kicked off the virus season in January, spreading with such unprecedented speed -- it infected more than 300,000 vulnerable Microsoft servers in less than 15 minutes -- that it clogged networks worldwide, crashing bank ATMs and delaying airline flights.
The "Blaster" worm made headlines in August by crashing or infecting more than a half-million PCs worldwide, attempting to hijack them for a coordinated attack on Microsoft's security Web site.
That attack ultimately proved unsuccessful, but security experts soon had to deal with the "Welchia" worm, a so-called good worm that was intended to patch the security hole exploited by Blaster. Welchia spread so quickly that it disabled many corporate networks for days on end. Welchia and Blaster remain among the Top Five most prevalent worms to date, according to Symantec Security Response.
Christmas Virus Season
Even as criminals can exploit a whole list of newly discovered vulnerabilities, SANS's Ullrich said he expects a bumper crop of new computers to be infected with old worms and viruses still circulating on the Internet as millions of consumers plug in shiny new computers they receive over the holidays.
"The trouble is, even if your intention is take the new PC out of the box, plug it into the Internet and download the patches, it doesn't take but a few minutes for one of these worms to find you, and then 'bam,' you're infected," Ullrich said. "Most won't survive the first day without getting hit with something."
CERT's Houle agreed, and urged consumers to learn more about how to protect their computers and install the latest security patches. Alternatively, he said, consumers should enable the software-based firewall that's included in the latest Microsoft systems before connecting their computers to the Internet.