Do you know what your computer is doing right now?

If your computer is running Microsoft Windows there’s roughly a 25% chance it is remotely controlled by a cyber-crime ring.

…it was Vint Cerf, the father of the Internet, who said that, of the 600 million PCs out there, he believed 150 million, one quarter, were infected. And you know, IÂ’’ve talked to a number of people since then who think that number is low.

That was Leo Laporte, discussing spam and spambots with security expert Steve Gibson on the Security Now podcast series. Leo was referring to comments by Mr. Cerf during an expert forum on the future of the internet at the 2007 World Economic Forum in Davos. BBC reported the Cerf comments this way:

Mr Cerf, who is one of the co-developers of the TCP/IP standard that underlies all internet traffic and now works for Google, likened the spread of botnets to a “pandemic”.

Of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnets, Mr Cerf said.

These “botnets” are largely comprised of PC’s running Windows 98 or earlier, or Windows XP systems that do not have Service Pack 2 installed [which by default turns on the internal firewall].

Later versions of Windows may also be infected but, so far as I know, with the firewall activated, infection of Windows XP SP2 or Vista requires active participation by the user — such as opening email malware attachments or visiting websites which install malware via scripting or Active X.

Some of the botnet machines could be Linux or Mac OS systems — but I’ve not personally heard of any such cases.