The number of computer viruses is growing extraordinarily fast and shifting from phishing e-mails to being hidden in seemingly safe websites such as a local bed and breakfast, says Internet security company Symantec Corp in a new report on Tuesday.
There has been a huge increase in the number of viruses and worms, also called malicious code, on the Web with 624,267 identified in 2007 compared with 1.6 million last year, according to Symantec.
Sixty percent of all the (malicious code) threats in the past 20 years came in the last 12 months alone, said Vincent Weafer, Symantec's vice president of security content and intelligence, in an interview with Reuters.
Attackers are shifting away from using a spam e-mail technique called phishing to get personal information from users to corrupting legitimate websites, for example a local business, and using it to steal, the report said.
The attackers tend to shy away from big corporate websites run by companies who would quickly repair the site in favor of smaller sites not run by professionals, such as a bed and breakfast. Symantec's report cited other examples -- U.N. and British government sites -- of infected Internet sites.
The bad guys are going out to legitimate websites and compromising them, said Weafer.
The goal of the viruses is to steal, with the spread of broadband overseas making it easier for lawless areas to inadvertently play host to hackers.
In 2008, 78 percent of confidential information threats exported user data and 76 percent used a keystroke-logging component to steal information such as online banking account credentials, the report said.
Once credit card numbers, user names and passwords have been stolen, they are sold on the black market.
The most popular item for sale on underground economy servers in 2008 was credit card information, accounting for 32 percent of the total, the report said. The price for each card can be as low as 6 cents when they are purchased in bulk.
Bank account credentials was the second most likely to be sold, at 19 percent, for between $10 and $1,000 each. E-mail account user names and passwords were in third place at five percent for between 10 cents and $100.
If I can control your domain ... I can use it to log in and send spam. I can use it to impersonate you or other people, said Weafer. The chances are that your e-mail sign-on is the same as your bank sign-in.
Weafer argued that users could no longer rely solely on security protection software and urged international cooperation to stamp out organized crime operating in lawless environments.
As broadband expands overseas and gets cheaper, that moves viruses, he said. There's some very genuine challenges.
(Reporting by Diane Bartz; Editing by Andre Grenon)