Symantec: Criminals Pool Resources To Beef Up Online Attacks 2Symantec: Criminals Pool Resources To Beef Up Online Attacks 2

The Internet's bad guys aren't necessarily getting more technically savvy. But they are creating online networking communities where they can barter and sell information on malware, botnets, and stolen identities.

It's this new-found networking and collaboration that's making them more dangerous than ever before, according to Symantec's latest Internet Security Threat Report. The report, which is compiled and released every six months, shows that the current Internet threat environment is characterized by an increase in data theft, data leakage, and the creation of targeted, malicious code for the purpose of stealing confidential information that can be used for financial gain.

It's this new global, cooperative network that's enabling the hackers, virus writers, phishers, and spammers to pool their talents and resources to pick up the level of attacks hitting consumers and the corporate world.

"It's not just the tools and techniques that are evolving and changing, but their support mechanisms are growing and maturing and feeding this," says Vincent Weafer, senior director at Symantec Security Response. "Today, I don't need to know how to write a virus or worm. I just need to know where to go to lease one or rent one. There's a quality of service around them. If I want to create a botnet for phishing or spam, I can lease one. You tell us what you want, we'll give you the tool and you go off and make money."

Weafer says buyers even can customize their orders. If they want to target a specific region with a phishing scam, they can request e-mail lists for that area or they can ask for the spam messages to be written in a specific language.

He also says it would make sense that these online networks should make it easier for law enforcement to track down the bad guys, but that's not necessarily the case.

"It means the puppet masters behind these things are hiding themselves behind multiple, multiple walls to make it hard to find them," he explains. "When we look at botnets, we saw a 29% increase in the number of machines connected to them over the previous six months. As we look at that, we also saw that in the same period there was a 25% decrease in the number of servers controlling the botnets. That tells us that more of the command and control is going stealth. It's going underground. They're using encrypted channels and alternate channels to hide themselves. Less of it is visible. This is another example of how the underground is maturing. They're getting smarter about being visible. If there's a market place, it's easier to get introduced to the market but the really, really serious stuff is encrypted and stealthy and hard to get at."

Symantec's Threat Report also shows that:

-- Worldwide there are more than 6 million infected computers tied to botnets during the second half of 2006. That represents a 29% increase from the previous six months.

-- Trojans constituted 45% of the top 50 malicious code samples, representing a 23% increase over the first six months of 2006. This supports Symantec analysts' predictions that attackers appeared to be shifting away from mass-mailing worms toward using Trojans.

-- Symantec documented 12 zero-day vulnerabilities during the second half of 2006, marking a significant increase from the one zero-day vulnerability documented in the first half of the year.

-- Theft or loss of a computer or data storage medium, such as a USB memory key, made up 54% of all identity theft-related data breaches.