Study: Most Computer Attacks Originate in U.S.

The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.

Researchers at Cupertino-based Symantec Corp. also found that fierce competition in the criminal underworld is driving down prices for stolen financial information.

Criminals may purchase verified credit card numbers for as little as $1, and they can buy a complete identity -- a date of birth and U.S. bank account, credit card and government-issued identification numbers -- for $14, according to Symantec's twice-yearly Internet Security Threat Report released Monday.

Researchers at the security software company found that about a third of all computer attacks worldwide in the second half of 2006 originated from machines in the United States. That makes the United States the most fertile breeding ground for threats such as spam, phishing and malicious code -- easily surpassing runners-up China, which generates 10 percent of attacks, and Germany, which generates 7 percent.

The United States also leads in "bot network activity." Bots are compromised computers controlled remotely and operating in concert to pump out spam or perform other nefarious acts.

The legitimate owner of the computer typically doesn't know the machine has been taken over -- and the phenomenon is largely responsible for the palpable increase in junk e-mail in the past half year.

Spam made up 59 percent of all e-mail traffic Symantec monitored. That's up 5 percentage points from the previous period. Much of the spam was related to stock picks and other financial scams.

The United States is also home to more than half of the world's "underground economy servers" -- typically corporate computers that have been commandeered to facilitate clandestine transactions involving stolen data and may be compromised for as little as two hours or as long as two weeks, according to the report.

The study marks the first time Symantec researchers have studied the national origins of computer attacks. The report focused on attacks during the last half of 2006 on more than 120 million computers running Symantec antivirus software. The company operates more than 2 million decoy e-mail accounts designed to attract messages from around the world to identify spam and phishing activity.

Alfred Huger, vice president of Symantec Security Response, said online criminals appear to be adopting more sophisticated means of "self-policing." They're launching denial-of-service attacks on rivals' servers and posting pictures online of competitors' faces.

"It's ruthless, highly organized and highly evolved," Huger said.

One of the most startling findings: The worldwide number of bot-infected computers rose -- an increase of about 29 percent from the previous six months, to more than 6 million computers total -- while the number of servers controlling them plunged. The number of such "command-and-control" servers declined by about 25 percent to around 4,700.

Symantec researchers said the decrease signifies that bot network owners are consolidating to expand their networks, creating a more centralized, efficient structure for launching attacks.

Twenty-six percent of the world's bot-infected computers were in China, a higher percentage than any other country.

According to Symantec, Microsoft Corp.'s Internet Explorer was the most-targeted Web browser, attracting 77 percent of all browser attacks.

Symantec said it expects to see more threats begin to emerge against Microsoft's Vista operating system. It also expects multiplayer online games to be targeted by phishers, who fool users into divulging passwords or other personal information by creating fake Web sites that look like the real thing.


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.