By Mark McPherson

This week we'll be working with kids from about half a dozen schools in Brisbane and taking them through a series of workshops at a purpose-built training facility at the University of Queensland.

We're going to break them up into mixed groups where they'll work with their  teachers to solve real problems faced every day by home computer users.

The challenge for us at AusCERT is that many of the attacks these days are carried out from computers in average homes, in average suburbs, often without the knowledge of the computer owners, so we're hoping to enlist average Australian kids in the struggle against cybercrime.

In the biological world, the viruses which are the most successful don't actually kill their host, they just make them a little bit sick, and survive long enough to spread. In the IT world is not all that different. Unlike the early email based viruses with which most people are very familiar, the current generation of viruses invade your computer and use it to infest others without you even realising they are there in the first place. 

The insidious technology which is of greatest concern to AusCert and other similar organisations today are small pieces of software called bots which can insert themselves into unpatched and unprotected systems usually without the knowledge of the end user.

The software can then use your computer to send emails, or launch attacks against other networks, often corporate or government systems. The reason they succeed is that the host computer user usually has no way of knowing they are infected unless they regularly scan their system. They might notice that their system is running slowly, or that their internet access is a bit patchy, but rather than attribute these things to a virus which is using their computer to attack others, they simply assume it's the fault of the internet service provider, or assume their system is too old and go on their merry way.

What's happening is that the virus on their computer is also on thousands and sometimes millions of other unpatched and unprotected computers around the world forming what's referred to as a bot.net ‘ or a robotic network. These networks use the host PCs to launch large scale denial of service attacks against other systems, by flooding them with unsolicited emails or web-based queries.

And they're not new, as far back as 2004 a bot net like the one I'm describing was used to launch a denial of service attack against the US-base internet service provider Akami.

Because corporate and government networks spend a lot of time managing their systems, and tracking how their computing resources are being used, they are quicker to notice when their systems have been compromised, and since these technologies first emerged, corporate networks have become better at protecting themselves from  becoming part of such attacks.

But home users rarely pay any attention to how their system is actually operating, and are unlikely to notice when they've been infected by bot.net software. As a result prevention is quite possibly the best cure, or at the least the best cure we can come up with at the moment.

These kinds of attacks are mostly preventable so long as people are employing best practice in their own homes. Every home computer user has a role in reducing the impact of internet criminals by ensuring their anti-virus software is up to date, and that they PCs systems are patched, so we're hoping to give the kids that attend our workshops the skills they need to get themselves and their parents up to speed with the whole process.

So if little Jimmy comes home from school and asks to upgrade your anti-virus software and scan the home computer for trojans, listen to what he's talking about - chances are he knows more than you do.

Currently Training Manager for AusCERT, Mark McPherson has spent a decade working as a security analyst Australia's premier online crime fighting team.

AusCERT is an official partner of the National E-security Awareness Week.

________________________________________________

Visit www.StaySmartOnline.gov.au for details and step by step information on e-security.