A botnet is an army of computers compromised by a malicious program, such as a worm or Trojan, which has installed itself on a computer. Once the malware is running, it can be controlled remotely by the botnet operator for a variety of nefarious purposes, from stealing passwords to launching attacks on other computers.

A study from the National Cyber Security Alliance (NCSA), a collaboration of security experts with the goal of educating users about how to protect themselves against online threats, showed that 71 percent of 2,249 online consumers surveyed had never heard of the word "botnet."

"These statistics are extremely disconcerting and shocking," NCSA Executive Director Ron Teixeira told us. "The reason why is because we in the security community talk about how botnets are probably the number-one threat we face on the Internet today, and are the cyberweapon of choice for criminals. Computer users should know that their computers could be part of the cybercrime problem instead of the solution."

Botnets: Annoying and Dangerous

Botnets are responsible for some of the Internet's daily annoyances as well as dangers. Joe Stewart of information-security company SecureWorks exposed the top spam botnets. According to the company, "The top botnets are capable of sending more than 100 billion spams per day." Stewart's analysis of the Srizbi spam botnet estimates that it is comprised of 315,000 infected computers.

Size doesn't always matter when it comes to botnets, however. Consider the Nucrypt botnet, which Stewart estimates lives on only 20,000 or so computers, yet has the capacity for sending as many as five billion spam messages per day. If you've received a spam message touting a Canadian pharmacy, there's a good chance it came from a Nucrypt-infected machine.

Ignorance Is Not Blissful

The NCSA study shows that 47 percent of those surveyed "believe it is not possible for a hacker to use [their] computer to launch cyberattacks or crimes against other people, businesses, and our nation." Almost the same percentage of people had no idea how to protect themselves from cybercriminals, or what to do if they are victimized.

Teixeira said the study "points to a need for increased employee awareness and education, and [shows] that we can no longer look to technological solutions as a way to secure business. End-user awareness and education is part of the solution, and increasing education and awareness within the workforce can be our best ally in the fight against cybercrime."

The NCSA's Web site provides eight top cybersecurity tips for any computer user. These range from using antivirus software, keeping Windows and other operating systems updated and creating strong passwords, to backing up files and learning what to do if something goes wrong.