Most Computer Attacks Originate in U.S.

The United States generates more malicious computer activity than any other country

(San Jose, Calif.) The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.

Researchers at Symantec Corp. also found that fierce competition in the criminal underworld is driving down prices for stolen financial information.

Criminals may purchase verified credit card numbers for as little as $1, and they can buy a complete identity--a date of birth and U.S. bank account, credit card and government-issued identification numbers--for $14, according to Symantec's twice-yearly Internet Security Threat Report released Monday.

Researchers at the security software company found that about a third of all computer attacks worldwide in the second half of 2006 originated from machines in the U.S. That makes the U.S. the most fertile breeding ground for threats such as spam, phishing and malicious code--easily surpassing runners-up China, which generates 10 percent of attacks, and Germany, which generates 7 percent.

The U.S. also leads in "bot network activity." Bots are compromised computers controlled remotely and operating in concert to pump out spam or perform other nefarious acts.

The legitimate owner of the computer typically doesn't know the machine has been taken over--and the phenomenon is largely responsible for the palpable increase in junk e-mail in the past half year.

Spam made up 59 percent of all e-mail traffic Symantec monitored. That's up 5 percentage points from the previous period. Much of the spam was related to stock picks and other financial scams.

The U.S. is also home to more than half of the world's "underground economy servers," according to the report. These are typically corporate computers that have been commandeered to facilitate clandestine transactions involving stolen data, and they may be compromised for as little as two hours or as long as two weeks.

The study marks the first time Symantec researchers have studied the national origins of computer attacks. The report focused on attacks during the last half of 2006 on more than 120 million computers running Symantec antivirus software. The company operates more than 2 million decoy e-mail accounts designed to attract messages from around the world to identify spam and phishing activity.

Alfred Huger, vice president of Symantec Security Response, said online criminals appear to be adopting more sophisticated means of "self-policing." They're launching denial-of-service attacks on rivals' servers and posting pictures online of competitors' faces.

"It's ruthless, highly organized and highly evolved," Huger said.

One of the most startling findings: The worldwide number of bot-infected computers rose--an increase of about 29 percent from the previous six months, to more than 6 million computers total--while the number of servers controlling them plunged. The number of such "command-and-control" servers declined by about 25 percent to around 4,700.

Symantec researchers said the decrease signifies that bot network owners are consolidating to expand their networks, creating a more centralized, efficient structure for launching attacks.

Twenty-six percent of the world's bot-infected computers were in China, a higher percentage than any other country.

According to Symantec, Microsoft Corp.'s Internet Explorer was the most-targeted Web browser, attracting 77 percent of all browser attacks.

Symantec said it expects to see more threats begin to emerge against Microsoft's Vista operating system. It also expects multiplayer online games to be targeted by phishers, who fool users into divulging passwords or other personal information by creating fake Web sites that look like the real thing.
