Report: Hackers Making Contracts for Spam

Thieves selling their code to middlemen who spread phishing and pharming attacks


SAN JOSE, Calif. -- Online crooks are quickly enlarging an already vast sales and distribution network to propagate spam and send malicious software in hopes of infecting millions of computers worldwide, according to a new report.

In a report to be released Monday, security software maker Symantec Corp. says sophisticated thieves sell code to criminal middlemen for as much as $1,000 per program. The middlemen then push the code to consumers, who may be duped into participating in a scam, or who may have their passwords, financial data and other personal data stolen and used by identity theft rings.

The savviest hackers lock middlemen into long-term service contracts so they can automatically push the newest exploits on unwitting consumers and compensate for patches developed by legitimate programmers.

The agreements - not unlike contracts between software powerhouses such as Oracle Corp. or Microsoft Corp. and their corporate clients - leave a trail of code that, in principle, makes it easier for authorities to catch both the hacker and the person who's buying the program. But researchers who worked on Symantec's newest Internet Security Threat Report said the amount of money to be made from computer attacks still outweighs the danger.

"These people are taking a huge risk, and either they're stupid - which we don't believe is the case - or they're making big money," said Alfred Huger, vice president of Symantec Security Response.

Symantec's new report covers the first six months of 2007 and draws on attack data gathered from more than 120 million computers running Symantec antivirus software and more than 2 million decoy e-mail accounts designed to attract spam and other shady messages from around the world.

Among the findings:

- The sale of stolen personal information online continues to grow. The United States is the top country for so-called underground economy servers, home to 64 percent of the computers known to Symantec to be places where thieves barter over the sale of verified credit card numbers, government-issued identification numbers and other data. Germany was second and Sweden ranked third.

- China had the most computers infected by Web robots, or bots - software that performs automated tasks online, such as propagating spam, often without the knowledge or consent of the computer's owner. China had one-third of the world's computers conscripted by "bot herders."

- The number of threats caused by malicious code has ballooned. In the first six months of the year, 212,101 new malicious code threats were reported to Symantec, an increase of 185 percent over the previous six months.

But researchers agreed that professional-grade service agreements between cyber criminals and their agents were the most alarming trend.

A small number of malicious "toolkits" - bundles of exploits that allow criminals to customize their own scams and attacks - is responsible for a growing number of attacks.

Only three toolkits were responsible for 42 percent of the 2.3 million so-called "phishing" messages spotted and blocked by Symantec during the first six months of the year. Crooks use phishing messages to try to steal personal and financial information by tricking people into entering private information into bogus Web sites that look like the sites of legitimate brands such as banks or popular retailers.

Such toolkits cost $300 to $800.
