Cyber-crime - syndicates of 21st century

October 29, 2009 |13:38 | Cyber Crimes  By : Team X


Many people think of viruses as a nuisance, and while they are aware of the threats, they believe that ordinary anti-virus software will protect them from the ever-increasing number of attacks in the form of phishing (the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details), pharming (a hacker's attack aiming to redirect a Web site's traffic to another, bogus Web site), worms (malicious software), Trojans (malicious software), bots (collection of compromised computers) and denial of service attacks.

However, most people underestimate the tenacity of the people who perpetrate these attacks, and fail to take the threat seriously enough. The fact is, cyber-crime is an incredibly lucrative business, not only for virus writers, but for people all the way through the chain, and has already overtaken the drug trade in terms of the amount of money made through these criminal activities.

Cyber-crime has become an industry that is money-driven and has malicious intent, and people on the street need to be aware of the motivations of these criminals who play on people's lack of understanding and manipulate vulnerabilities in cyber-space in order to make a profit.

As end-users, most individuals only see parts of cyber-crime, and are unaware of what goes on behind the scenes of these attacks. The cycle begins with harvesters, whose job it is to literally harvest live e-mail addresses, which are then passed along. This happens in a number of ways. The most common way is for the harvesters to send out e-mails that encourage recipients to pass them along, such as the ones claiming that if the e-mail is sent to a certain number of people and CC'd to another address, the sender will receive some kind of reward. This confirms the live e-mail addresses of all the people to whom the e-mail is forwarded, and in this way a database is built up.

Another method is robotic harvesting, which uses a program to pick a random company or organisation and builds a database of first and second names. These are then randomly matched into e-mail addresses by the program until the address stops bouncing. Once e-mail addresses are confirmed, a database is built.

These databases are then sold on to the next link in the chain, the spammers, who pay anything up to $100 per 10 000 names. This does not sound like a lot of money, but when databases of addresses numbering in the millions are sold all the time, one begins to get a picture of just how much money changes hands simply at this first stage.

Spammers are then paid by the virus writers to send e-mails containing viruses, Trojans or worms out to their databases. These turn a laptop or PC into a zombie machine that is then effectively controlled by a third party.

Spam e-mails also contain offers to purchase goods, commonly medication that requires a prescription to get hold of otherwise. The spammers get paid not only for every e-mail sent, but also per click for the links these mails contain and a commission of up to 50% for every product purchased.

Herders control masses of compromised PCs, known as botnets. Virus writers can hire these botnets and use the compromised machines to send out mass e-mails that do not get stopped by ISPs, because they originate from a large number of different machines and thus do not get detected as spam.

Botnets can also be used for an even more sinister purpose – straight-up blackmail. While this does not affect the majority of people, it is a real problem for organisations such as online casinos and betting agents. These businesses make a fortune from people gambling and placing bets every day, and are a prime target for denial of service attacks. Cyber blackmailers threaten to take down these sites on important days with DOS attacks, and hold them to ransom for large fees.

Typically, it is easier for the organisations to pay the ransom than to risk millions in revenue if the sites are shut down by hackers using botnets. These attacks are co-ordinated DOS attacks that use the zombie computers to hit the site simultaneously with meaningless queries that overload the servers and crash the sites.

Firewalls do not detect these attacks because the hits are coming from many different machines and are therefore not detected as spam.

Cyber-crime is a very profitable business, and because many people are unaware of just how prevalent it is and how vulnerable they are to threats, it is likely to continue to be so for some time to come. The best way for individuals and businesses to protect themselves from these types of attacks is to educate themselves, staff and customers with constant awareness campaigns, and ensure that systems are protected with the latest anti-malware and anti-virus toolkits with rigorous virus definition and software updates to minimise the risk of attacks.
