Rating Hacker Threats -- The Disruptors

WASHINGTON (TheStreet) -- Hackers have loaded email, social networking and Web surfing with potential danger, but equal measures of doom aren't lurking behind every click.

Hackers who gain access to data on Sony(SNE), Bank of America(BAC) and Central Intelligence Agency sites get the headlines, but the ones bothering Internet users engaging in more benign tasks are the ones wreaking more widespread havoc and driving the online security industry. A survey conducted earlier this month by security firm Symantec suggests at least part of the problem stems from the users themselves.

Hacking threats bothering Internet users engaging in benign tasks are the ones wreaking the most widespread havoc and driving the online security industry.

A solid 97% of respondents told Symantec they were either somewhat or extremely knowledgeable about online security. Of that, 80% even said they knew to look for the padlock icon indicating Secure Sockets Layer encryption while visiting e-commerce sites. That's only helpful if online shoppers heed the precaution, though, which only 55% of those padlock seekers say they do by aborting unsafe transactions. Another 81% know to look for secure HTTPS Internet connections, but only 56% are scared off when they don't see one or don't at least see an address matching the domain.

>>Follow TheStreet's Series on Hacking

Part of the problem is that users face attacks on so many fronts that some security measures either get lost in the shuffle or are forgotten out of convenience. We spoke with experts from security software companies Symantec(SYMC), Intel's(INTC) McAfee and Houston-based online security firm Superior Solutions and came up with a ranking system for some of the most common hacker-related issues. Some of these threats aren't so bad, but there's plenty of reason for users to beware:

Drug spam
Threat level: Highest
Hackers still think you need Viagra and, no, they don't care if you're a girl.

The amount of spam in circulation still dwarfs the number of legitimate email messages. Martin Lee, senior software engineer for Symantec's cloud-based service, says 77.8% of all email is spam and two-thirds of that promotes pharmaceutical products. A report in The New York Times in May on how to fight spam said 12.5 million messages results in only $100 worth of Viagra sales for spammers.

Adam Wosotosky, anti-spam technology lead for McAfee Labs, says drug spam alone used to be 75% to 80% of all email sent before governments began cracking down on it. Emails pitching Viagra, Cialis and other drugs were basically seen as an inbox nuisance and spam folder filler that was easily disposed. To Lee, that disguised a greater danger.

The problem with spam-advertised pharmaceuticals, Lee says, is that the buyer cannot be sure about what he is buying. At best, they are counterfeit medication of varying dosage or colored tablets that are just placebos. At worst, they're contaminated with something potentially dangerous.

"In terms of the numbers of malicious emails sent, pharmaceutical spam is far ahead of other threats. Additionally, no other email threat can cause physical harm to human health," Symantec's Lee says. "Therefore I'd class this as the biggest email threat."

Even if the user never purchases a single pill, drug spam can still do some serious damage. Crackdowns on actual drug sales have led to drug spam with links laden with malware or leading to unintended drive-by downloads of executable files and other nasty little surprises. (Others disagree. The F-Secure Security Labs site and several researchers for a study published via the University of California said recently that products bought through spam actually arrived; credit card accounts used to buy weren't applied fraudulently; and in "the most surprising outcome from this test," F-Secure said in May, "we didn't see more spam to the email addresses we used to order the goods.")

"Most of this spam is designed to trick the user into clicking on a link or going to a website that will infect their computer," says Michael Gregg, chief operating officer of Superior Solutions. "It's as important as ever to remind users not to click on unknown or suspicious links, even if they appear to be from someone they trust at a social networking site."