Five Fatal Security Slips
As malware and online scams surge, are you taking the necessary precautions to avoid identity theft, financial fraud, and data loss?
By Peter M. Ferenczi 04/02/2007
You, sitting at your notebook. Yes, you, casually watching the latest YouTube video, unaware that your PC is about to be used in a botnet attack. Think you're protected just because your Web browser and antivirus software are up to date? Think again.
Take Bob, for example. He's reasonably computer-savvy. He knows not to click on attachments from someone named "loveyoulongtime." He ignores offers of financial gain from deposed dignitaries of small African nations and discount prescription sales from Canada. But he also finds some great bargains on eBay. One day, Bob gets a message from PayPal confirming his purchase of 300 pairs of pink fuzzy bunny slippers (a purchase he never made), and he immediately clicks on the "Dispute this charge" link to log onto his account. Although the Web site looks just like the real deal, Bob has now handed his account details over to criminals. The site will exploit this information and soon install malware. It will also use Bob's computer to quietly send out thousands of e-mails, each one apparently from PayPal. Bob is in a world of hurt, but he won't know it for a few weeks yet.
Avoiding Bob's fate is harder than it used to be. Each and every keystroke, including the ones that create your passwords, can be recorded by the bad guys and used to drain your bank account. Are you just going to sit there, or are you going to do something about it?
Despite the release of what Microsoft is calling its most secure operating system ever, the online world that your Vista (or XP) computer connects to is getting more dangerous. "There's a variety of threats we're seeing that have become a lot more prevalent," said Brian Trombley, product manager for Internet security software provider McAfee. "Today you're seeing more botnets and Trojans that are geared toward financial gain."
Other experts highlight this shift from hobbyist hackers to profit-minded criminals as the defining characteristic of the latest Internet threats. "It's no longer a kid in his garage seeing how much damage he can do," said Natalie Lambert of Forrester Research. "There are millions of dollars to be made from creating malicious software."
"The difficulty of the code we have to analyze and detect has gone through the roof," said Mikko Hypponen, chief research officer of Internet security specialist F-Secure, noting that since the first "for-profit" attack he saw in 2003, groups of professionals have been turning out increasingly devious malware and scams.
Security software vendors are trying to keep up with these new threats. The latest security suites from F-Secure, McAfee, and Symantec observe the behavior of running programs to catch malicious software even if it doesn't match known virus signatures, protecting against "zero-day" attacks. Vendors are also adding anti-phishing features to prevent users from accidentally revealing sensitive personal information to scammers posing as banks or online stores.
Yet even the best security software falls prey to the most insidious of threats: an uninformed public. "The hardest part is the education of the users," said Hypponen. "No matter how many times you tell them not to double-click on that attachment, they will always double-click on it. That's frustrating."
Read on: Ignorance can be expensive.