Hackers, spammers and spies go into overdrive in December and January, when unsuspecting neophytes unwrap new computers, connect to the Internet, and, too often, get hit with viruses...

Share story

SAN JOSE, Calif. — Hackers, spammers and spies go into overdrive in December and January, when unsuspecting neophytes unwrap new computers, connect to the Internet, and, too often, get hit with viruses, spyware and other nefarious programs.

“People want to get on the Net right away, just like they want to put together and start using any Christmas present,” said Tony Redmond, chief technology officer of Palo Alto, Calif.-based computer giant Hewlett-Packard, whose new PCs ship with 60 days of virus and adware protection. “They should be warned that the Net is a very, very dangerous place.”

Although few researchers produce holiday-specific security data, experts at IBM, Dell, Hewlett-Packard, software companies and Internet service providers agree that the holidays are prime time for hackers.

Holiday viruses are so rampant that consumers could be attacked even if their first online destination is to a Web site for updating security patches.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks

Hacker lingo

security gurus update a dictionary that describes various “cyber villains” and other dangers in nontechnical terms. Here are some entries from its “Version 1.0 Online Security Dictionary,” an employee reference guide that’s currently published only on IBM’s internal Web site:

Airsnarf (noun): A rogue wireless device added to a network that steals usernames and passwords from people using public wireless hotspots.

Backdoor (noun): A way to bypass authentication and obtain remote access to a computer. A spammer might install a backdoor to send junk e-mail from that computer.

Bot (noun): A software program designed to act like a person and infiltrate computers. For example, a bot may be programmed to automatically delete e-mails containing certain words or to sweep up and collect certain information from a PC.

List bomb
(verb): Forging messages that cause the victim to unknowingly subscribe to mass mailing lists (such as a subscription to an online newsletter) in volumes that may crash their systems.

Phreaking (verb): Cracking into the telephone network, which has now evolved to include cracking into cellphones and computer communications networks.

Spit (noun): Spam sent over an Internet telephone connection.

Spim (noun): Spam sent over an instant message connection.

Spoofing (verb): Impersonating another host on a network; pretending to be a trusted host.

Wabbit (noun): Any hack that repeatedly replicates itself on a local computer

Fork bomb (noun): A species of “wabbit” that performs a denial of service on a computer system by creating a large number of processes very quickly and overloading the computer.

Kris Murphy, help-desk coordinator for North Carolina Internet service provider Indylink.org, said his minister got attacked last year, only a few minutes after unpacking and connecting the machine. At the time of infection, the minister was updating security patches to Windows.

“Hackers know that you are most vulnerable as soon as you go online for the first time,” said Murphy, whose 10-person company hires temp consultants during the holidays to handle higher call volume. “Inexperienced people tend to fall into traps more readily because they don’t recognize that this guy might be trying to get your credit-card information.”

Seasonal attacks start around Thanksgiving, when online shopping begins an annual spike and marketers pummel consumers with junk e-mail — from the perfect stocking stuffer for a balding spouse to a limited-offer holiday cruise.

With the rise in e-commerce, identity thieves try even harder to obtain credit-card and other financial data from wireless and home networks. They set up dummy Web sites that seem to be hosted by major financial institutions in hopes that gullible consumers will provide their account information.

Virus writers hide viruses and worms in holiday-themed e-mails, seasonal greetings cards and screensavers.

The most vulnerable computers are the ones that have sat under Christmas trees for days or weeks. If a consumer buys equipment that arrives on Dec. 15, and it sits in the living room until Dec. 25, it could be hit by hundreds of viruses written in the 10-day interim.

Tony Ross, analyst at British security firm Sophos, advised consumers to get a CD-ROM with the newest updates from their electronics vendor, next-door neighbor or the computer at their office before connecting to the Internet. They should prohibit children — who tend to be liberal in distributing their personal data — from using the machine until it’s patched.

Some experts wonder whether the computer has become the digital age equivalent of a puppy — an enthralling treasure on Christmas morning, but a sinkhole for time and energy for years after. At the very least, computers are far more demanding than the typical holiday toy, which merely requires batteries.

“At some point, people who receive them for Christmas often ask, ‘Is this computer a gift or a curse?’ ” Ross said.