News
Most Computer Attacks Originate in U.S.
The United States generates more malicious computer activity than any other country
(San Jose, Calif.) The United States generates more malicious computer
activity than any other country, and sophisticated hackers worldwide are
banding together in highly efficient crime rings, according to a new report.
Researchers at Symantec Corp. also found that fierce competition in the
criminal underworld is driving down prices for stolen financial information.
Criminals may purchase verified credit card numbers for as little as
$1, and they can buy a complete identity--a date of birth and U.S. bank
account, credit card and government-issued identification numbers--for
$14, according to Symantec's twice-yearly Internet Security Threat Report
released Monday.
Researchers at the security software company found that about a third
of all computer attacks worldwide in the second half of 2006 originated
from machines in the U.S. That makes the U.S. the most fertile breeding
ground for threats such as spam, phishing and malicious code--easily surpassing
runners-up China, which generates 10 percent of attacks, and Germany,
which generates 7 percent.
The U.S. also leads in "bot network activity." Bots are compromised computers
controlled remotely and operating in concert to pump out spam or perform
other nefarious acts.
The legitimate owner of the computer typically doesn't know the machine
has been taken over--and the phenomenon is largely responsible for the
palpable increase in junk e-mail in the past half year.
Spam made up 59 percent of all e-mail traffic Symantec monitored. That's
up 5 percentage points from the previous period. Much of the spam was
related to stock picks and other financial scams.
The U.S. is also home to more than half of the world's "underground economy
servers"--typically corporate computers that have been commandeered to
facilitate clandestine transactions involving stolen data and may be compromised
for as little as two hours or as long as two weeks, according to the report.
The study marks the first time Symantec researchers have studied the
national origins of computer attacks. The report focused on attacks during
the last half of 2006 on more than 120 million computers running Symantec
antivirus software. The company operates more than 2 million decoy e-mail
accounts designed to attract messages from around the world to identify
spam and phishing activity.
Alfred Huger, vice president of Symantec Security Response, said online
criminals appear to be adopting more sophisticated means of "self-policing."
They're launching denial-of-service attacks on rivals' servers and posting
pictures online of competitors' faces.
"It's ruthless, highly organized and highly evolved," Huger
said.
One of the most startling findings: The worldwide number of bot-infected
computers rose--an increase of about 29 percent from the previous six
months, to more than 6 million computers total--while the number of servers
controlling them plunged. The number of such "command-and-control"
servers declined by about 25 percent to around 4,700.
Symantec researchers said the decrease signifies that bot network owners
are consolidating to expand their networks, creating a more centralized,
efficient structure for launching attacks.
Twenty-six percent of the world's bot-infected computers were in China,
a higher percentage than any other country.
According to Symantec, Microsoft Corp.'s Internet Explorer was the most-targeted
Web browser, attracting 77 percent of all browser attacks.
Symantec said it expects to see more threats begin to emerge against
Microsoft's Vista operating system. It also expects multiplayer online
games to be targeted by phishers, who fool users into divulging passwords
or other personal information by creating fake Web sites that look like
the real thing.