Data and identity theft are far and away the growth sectors among the criminal underground, according to Symantec's 11th Internet Security Threat Report. The U.S. rates as the most popular target for theft.

Every day, Symantec (Quote) scans the Internet, taking in several terabytes of data, to find "wild" viruses. But it also monitors the underground economy where identity "packages" are sold. According to the report, which covered malware (define) activity for the last six months of 2006, hundreds of clandestine servers are selling identities, either in single units or in bulk.

"It was surprising how brazen they are," Alfred Huger, vice president of engineering at the Symantec Security Response team, told "We got the impression there were bulk buyers, while others bought singly. And we saw the same people on multiple servers, so the community is big enough that they know to shop around for a deal."

Symantec monitored 330 servers, the bulk of which were in the U.S. The report stated that 51 percent of all known underground economy servers were located within the U.S., with Sweden coming in second at 15 percent.

The identity bundles consisted of a name, address, Social Security number, and at least one bank or credit card account. Prices ranged from $14 to $18 per identity.

Other goodies for sale included Skype accounts, accounts to the online game World of Warcraft, online banking accounts with a guaranteed $9,900 balance, and PayPal accounts with balances. In all, Huger said Symantec watched more than 5,000 transactions.

The report clearly shows the U.S. has a bull's eye painted on it. A whopping 86 percent of stolen credit cards were from U.S. banks, with U.K. credit cards coming in second at seven percent.

Other statistics from the report:

  • Symantec recorded an average of 5,213 denial of service (DoS) attacks per day, down from 6,110 in the first half of the year.
  • The United States was the target of most DoS attacks, accounting for 52 percent of the worldwide total.
  • The government sector was the sector most frequently targeted by DoS attacks, accounting for 30 percent of all detected attacks.
  • Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers.
  • Symantec observed an average of 63,912 active bot-infected computers per day, an 11 percent increase from the previous period.
  • China had 26 percent of the world’s bot-infected computers, more than any other country.
  • The United States had the highest number of bot command-and-control computers, accounting for 40 percent of the worldwide total.
  • Beijing was the city with the most bot-infected computers in the world, accounting for just over five percent of the worldwide total.
  • The United States accounted for 31 percent of all malicious activity during this period, more than any other country.
  • The number of zero-day attacks, where a threat is in the wild but there is no fix for it, went from an average of one per period to 12.

The Web remains the single biggest point of weakness, with 66 percent of all vulnerabilities related to Web technologies, such as e-commerce and Web forums.

"It's pretty safe to say that the most insecure software we see today is Web software, and I think it's because of ease of use," said Huger. "These new languages like Ruby and Perl and PHP are great, they're easy to use, and it makes them accessible. But it also brings people to the game don't know how to program securely."

This article was first published on To read the full article, click here.