Software robots - bots - that invade computers so an attacker can covertly control them have existed for at least two decades. Today, however, their proliferation, sophistication and criminal use are making them a top public enemy.
Last week's arrest of a California man on charges that he exploited thousands of hijacked computers to generate spam and damage systems is the latest evidence of the menace. Authorities say that 20-year-old Jeanson James Ancheta allegedly made about $60,000 by selling access to the botnet to hackers and spammers.
Bots, seeded by attackers through worms, viruses or other means that exploit desktop and server vulnerabilities, are herded into botnets that can force zombie machines to work together on virtually any task, the most common being spam, denial-of-service (DoS) attacks and data theft. Security experts say bots have infected millions of computers, hide better than ever through the use of rootkits and encryption, and can break passwords.
In addition, while botnets once were controlled exclusively through Internet Relay Chat (IRC) channels - one reason many companies say they block IRC firewall ports - they increasingly are being manipulated through other means, such as the Web, instant messaging or peer-to-peer.
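The shift away from IRC described above is why blocking IRC ports at the firewall is only a partial defense. The following is an added example, not code from the article or from any vendor it mentions: it runs a simple classifier over a constructed outbound-connection log and compares a port-only policy with one that also looks for IRC protocol commands in the first payload line. The log format, the sample records and the host addresses are all assumptions made for this demonstration.

```python
"""Added example (not from the Network World article): flag outbound
connections that look like IRC-based bot command-and-control, whether or
not they use the standard IRC ports.  The log format and the sample
records below are constructed for this demonstration."""
import re
from collections import defaultdict

# Ports commonly associated with IRC servers; these are the ports a
# "block IRC at the firewall" rule would typically cover.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669,
             6697, 7000}

# IRC client commands at the start of a payload line (RFC 1459 / RFC 2812).
IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|TOPIC|MODE)\b")

# Constructed log: "src dst dst_port first_payload_line"
SAMPLE_LOG = [
    "10.0.0.5 203.0.113.10 6667 NICK [USA|XP]-12345",
    "10.0.0.5 203.0.113.10 6667 JOIN #bots",
    "10.0.0.7 203.0.113.22 80 GET /index.html HTTP/1.1",
    "10.0.0.9 198.51.100.4 443 NICK dr0ne-7781",
    "10.0.0.9 198.51.100.4 443 PRIVMSG #ctrl :!status",
    "10.0.0.11 198.51.100.9 8080 GET /update.php HTTP/1.1",
]


def parse(line):
    """Split one constructed log record into (src, dst, port, payload)."""
    src, dst, port, payload = line.split(" ", 3)
    return src, dst, int(port), payload


def classify(line):
    """Return a verdict for a single record.

    'irc-on-nonstandard-port' is the case a port-only firewall rule misses:
    the payload speaks IRC, but the destination port is something allowed
    outbound (here 443), which matches the article's point that botnets are
    moving off the IRC ports."""
    _, _, port, payload = parse(line)
    speaks_irc = bool(IRC_CMD.match(payload))
    if port in IRC_PORTS and speaks_irc:
        return "irc-standard-port"
    if port in IRC_PORTS:
        return "irc-port-only"
    if speaks_irc:
        return "irc-on-nonstandard-port"
    return "benign"


def find_suspects(lines):
    """Map each internal host to the list of non-benign verdicts it produced."""
    hits = defaultdict(list)
    for line in lines:
        verdict = classify(line)
        if verdict != "benign":
            hits[parse(line)[0]].append(verdict)
    return dict(hits)


def compare_policies(lines):
    """Count distinct hosts caught by a port-only rule versus a rule that
    also inspects the payload for IRC commands."""
    port_only = {parse(l)[0] for l in lines if parse(l)[2] in IRC_PORTS}
    protocol_aware = set(find_suspects(lines))
    return len(port_only), len(protocol_aware)


if __name__ == "__main__":
    for host, verdicts in find_suspects(SAMPLE_LOG).items():
        print(host, verdicts)
    print("hosts flagged (port-only, protocol-aware):",
          compare_policies(SAMPLE_LOG))
```

On the constructed log the port-only rule flags one host (10.0.0.5, talking IRC on 6667) while the protocol-aware rule also catches 10.0.0.9, whose IRC session rides over port 443. Real traffic would need the same check applied to decrypted or proxied streams, since the encryption the article mentions hides the command text from a plain payload match.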
"The state of bot technology has reached the point that the state of Web technology has," says Peter Tippett, CTO at Cybertrust, whose security experts dive into the online netherworld to track almost 12,000 people contributing to bots or renting out botnets. "Instead of fighting with each other, these guys are working together and posting their code. It's evil open source. We're getting a rich set of commands and capabilities used by the bad guys."
Bots are incorporating encryption and shape-shifting polymorphism, as the variant of Agobot (also known as Gaobot) showed last year, and using rootkits - code that allows a permanent and undetectable presence on a computer - to bury deep inside a machine.
The first bot with a rootkit was probably the variant of Rbot that appeared in May, says Dave Kennedy, senior risk analyst at Cybertrust. Rootkits - particularly the kernel-level sort, which conceal malicious code much like a cloaking device - can't be removed by most anti-virus or anti-spyware products, says Martin Overton, security specialist at IBM Global Service, although one anti-virus vendor, F-Secure, is adding a toolkit called Blacklight for detecting and removing rootkits.