Symantec Says Hackers Professionalize

By Alice Turner
00:19, September 18th 2007

Social networking sites or multi-player computer games have become a source of malicious threats for their users, rather than the initial fun they promised, the security company Symantec said in a report released today. Hacking has developed at a large scale lately transforming into a real organized crime network.

Symantec released a report based on the web activities in the first half of 2007, warning about the threats hackers can pose, based on personal data available on sites like Facebox. Fraudsters find these sites as valuable data bases that help them concoct highly specific threats.

“Increasing professionalisation and commercialization” of internet crime was eloquent, judging from the specialized “toolkits” that enabled hackers to construct multiple “phishing” sites in the same time. Moreover, virtual worlds like computer game “World of Warcraft” facilitated money laundry by the use of accounts.

William Beer, director of security practice at Symantec explained some parts of the process: “What we've seen with so-called 2.0 technologies is that they don't go through the standard procedures that most sites do, meaning that when new features are added, a series of warning flags - to do with security and privacy - aren't necessarily being raised.”

A pattern has been highlighted, that of the attacks being based on data provided by sites like Facebox or Linkedin, where both quantity and quality facilitate the fraudsters’ malicious intentions.

Bots, or computers that distribute without knowing it spam e-mails and other malicious codes, have decreased by 17 percent, but phising messages grew in number by 18 percent, reaching 196, 860.

Symantec’s report also revealed that the country that recorded the most “bot-infected computers” is China, accounting for 29 percent of the world. The government sector provides 26 percent “data breaches” that help to identity thefts, the health sector 15 percent, but the sector that leads in providing these data is the educational one, accounting for 30 percent.

Also, the browser that accounts for most of vulnerabilities – 39 of 105- remains Microsoft’s Internet Explorer; however it met some alleviation, compared to the previous six month, when it accounted for 54 of 102 browser-based vulnerabilities.

Plug-ins are another means by which fraudsters accomplish their targets, using the “edges” of websites rather than their core. The cases of web-based plug-ins vulnerabilities grew by 74 percent, reaching the number of 237.

Symantec's Vice President, David Sykes explains that hacking phenomenon matured, developing from the curiosity-driven amateurs that had fun to organized crime. The worst part is that these groups don’t limit to exploit their hacking results, but they also make money out of selling their tools, spreading internet crime to an extremely large scale. Mpack is one of the examples of designed tool kits that are further sold, being purchased at around $1000.