The internet: dead in just 10 days?

The internet: dead in 10 days?
With huge numbers of viruses and people hell bent on causing disruption, how long can it really go on?

Always-on broadband and mobile web connectivity make it seem like the internet is there for us 24 hours a day. But that's not always the case. We all come across the occasional dropped connection and experience the evening rush when everything slows down for a couple of hours. Then there's the odd site that you can't access because everyone else is trying to get to it at the same time as you.

If truth be told, the internet can be a bit shaky at times. That's because the multimedia content providers of today are struggling with technology that was invented in the 1960s; technology that's now creaking and cracking under the strain. In this article, we look at the threats that face the internet – and why a collapse might be underway by the time you read this…

The rise in spam

Named after the infamous Monty Python sketch, spam (or junk) email is threatening to bury us under a mountain of adverts for Viagra, get-rich-quick schemes and porn sites. It's estimated that unsolicited advertising now accounts for 80 to 90 per cent of all email traffic – an estimated 100 billion messages every day. And it's growing.

In 2006, for example, six trillion emails were sent worldwide, 75 per cent of which were junk. But you don't really need a survey to tell you that. All you need to do is look in your own junk mail folder. We checked ours and found that, on average, we were receiving 20 spam messages an hour, most of them automatically filtered and never seen. The bandwidth and storage space occupied by these messages has to be paid for, and it's users that end up reaching into their pockets.

In 2007, Ferris Research reported estimated costs of $100 billion worldwide, with the USA paying for $35billion of it. That cost estimate also includes the time it takes employees to deal with junk mail. Every second spent deleting it is time on the clock. Potentially more disruptive, though, is the time spent fishing out legitimate emails from junk mail folders. So how long could it be before the system grinds to a halt under a deluge of unsolicited mail?

Any time now, is the pessimist's answer. A month, perhaps even a week. In October 2008, Virgin Media suffered from a spam attack that cut off email access to about half of its 200,000 customers for four days. That's one of the country's largest ISPs brought to its knees by spam.

Researchers have consistently claimed over the last decade that the spam apocalypse is about two years away, though for now we're all still online checking Facebook and playing World of Warcraft. Email is the internet's foundation application. Built as a communication system designed to route around damage in the event of nuclear war, continued vigilance is making sure that the amount of spam making it to our inboxes is a fraction of that actually sent. Still, there's a tremendous amount hitting the relays. How can we counter that?

The ultimate solution to the spam problem isn't virtual – it's legal. Though blacklisting programs such as Yahoo!'s SpamGuard and Microsoft's SmartScreen help us combat spam at a personal level, US and EU legislation has made unsolicited email marketing a crime, giving courts the power to force spammers to stop sending emails.

Already we're seeing those laws used to take down some big hitters. Facebook recently won an $873 million court case against a Canadian spammer who targeted its users; and the overall volume of spam on the web fell by 75 per cent in November 2008 following the shutdown of McColo, a Californian ISP that provided relay services to the spam world's biggest villains. While the spammers inevitably found new service providers, targeting their infrastructure hits them where it really hurts – in the wallet.

The malware threat

The legal block on McColo had a secondary effect – UK security software maker Sophos reported a drastic drop in malware-infected attachments too. Unfortunately, that was a temporary blip. Malware, trojans and self-replicating viruses are the second most visible threat to the internet, infecting and corrupting the operation of millions of client computers every day.

Security firm Symantec recently reported that of the 1.1 million malware, virus and trojan threats in circulation, 64 per cent were new in 2007. This suggests that malware producers are creating new strains of malicious code faster than security software specialists can swat them.

If malware production continues at this rate, with threats doubling year on year, how long will it be before it makes the internet impossible to use? The effects of malicious code can vary widely, from an infected web browser that recursively opens new windows to programs that collect personal details. Some viruses overwrite key Windows files, corrupting the system.

Though it's usually individuals who suffer, coordinated virus attacks frequently make the news. Three London hospitals were plunged into computer chaos in November 2008 following a network-wide infection of the Mytob worm, a virus that lowers security settings on targeted machines. The outbreak took three days to contain.

Of course, the default defence is to make sure that you have antivirus and anti-malware software installed on your system. Windows Defender should recognise most spyware, while AVG Free will protect you from email attachments and trojans. Beware of tools that advertise spyware protection in website pop-ups, though. The notorious MS Antivirus (also known by several other names) is actually malware and may disable legitimate applications.

Denial of Service attacks

Spam and malware sometimes work together, with malware applications enabling spammers to hijack vulnerable PCs and use them as mail relays. It's not just web servers that are vulnerable to hacker intrusion, either – an unprotected PC is easy prey as long as it's connected to the Internet. Hacking is a consistent and perennial threat, and the most prevalent type of 'hack' is the Denial of Service (DoS) attack.

Making network intrusion and defaced web pages seem like benign pranks, DoS attacks seek to bring the web's servers to their knees by flooding the available bandwidth with data. There's a history of increasingly bold assaults too. Popular news site Digg went dark for half a day due to a DoS attack. More controversially, a range of key Georgian websites – including those of the Georgian President and the National Bank – were taken offline by Russian DoS attacks before the invasion in August 2008.

In this case, there's little in the way of good news. Though the majority of hack attacks are attributed to 'script kiddies' (neophyte programmers armed with downloaded code), there are signs of more sophisticated advances. In a security survey conducted by Arbor Networks, 23 per cent of network operators questioned said that DNS poisoning – the practice of redirecting traffic to another domain – is their most significant concern. A similar number cited client hijacking – which results in 'zombie PCs' – as a big headache.

Hackers and crackers are part of a community, sharing exploits and taking part in games of one-upmanship. As fast as patches for operating systems, browsers and servers can be created, new exploits can be found. Controlling the problem is a matter of putting out brush fires, but all it would take is one coordinated, conclusive attack on a set of significant servers for the whole forest to go up in flames.