March 19, 2007 10:17 AM PDT

Report: U.S. most prolific source of online attacks

U.S. networks pumped out the highest percentage of attacks during the second half of last year, with China running a distant second, according to a report released Monday by security firm Symantec.

The U.S. accounted for 31 percent of malicious activity originating from computer networks, while 10 percent came from China and 7 percent from Germany, Symantec said in its Internet Security Threat Report.

The company also found that 51 percent of all known servers used by attackers to buy or sell stolen personal information, such as credit card or bank account numbers, are located in the U.S.

U.S.-based credit cards, with accompanying verification numbers, were found to be selling for $1 to $6 each on these servers. But a more thorough roundup of personal-identification data--including a person's birthdate and banking, credit card and government-issued identification numbers--fetched $14 to $18, the report noted.

Internet thieves increasingly are turning to Trojan-horse software, which can load keylogging software onto unsuspecting victims' computers. The software is able to harvest people's log-in names and passwords to various accounts and can glean other sensitive information people type into their computers.

Trojans accounted for 45 percent of the top 50 malicious code samples collected by Symantec during the second half of last year, up from 23 percent in the previous six months. Symantec noted that that significant jump further reflects a movement away from mass-mailing worms--programs that spread software viruses and clog networks.

Phishing, an attempt by attackers to trick people into revealing personal or financial information, largely occurs during the weekday, the report noted. Many phishing attacks begin with an e-mail that appears to be from a legitimate source but in fact contains a malicious attachment or includes a link to a malicious Web site. During the second half of the year, a daily average of 961 phishing e-mails were sent to people on weekdays; 27 percent fewer phishing messages were sent out on weekends.

See more CNET content tagged:
phishing, Symantec Corp., credit card, China, U.S.


Join the conversation!
Add your comment
I might add,
That (from server logs) there is a big jump in spam starting on monday morning, as people in each time zone across North America get to work; I see this as evidence that businesses are still not doing enough to protect their office machines.
Posted by Marcus Westrup (630 comments )
Reply Link Flag
well said..
I wonder how those responsible for each business, be it CEO or small business owner would feel if they knew that they didn't "own" their systems? Better yet, how would you react if you were a customer of one of these businesses and found out that the information you shared with them wasn't managed as securely as you would expect?
Posted by webdev511 (254 comments )
Link Flag
And this isn't a National Security Issue because...?
Why doesn't this issue have a higher public profile?

Judging by the numbers, it looks like there are more than a few businesses out there with compromised machines.

This isn't a windows, mac or *nix issue, it's a National Security issue. Why? because machines that reside within our boarders are being used to harm our businesses and potentially US portions of the internet.

Yes, it is tough, but come on people, we all share some level of responsibility. You may know that your machine is clean, but when was the last time you asked all of your friends if they were sure that their machines were clean? When they say "yeah, sure" pin them down with with "What are you using? When was the last time you up dated your virus signatures? When was the last time you ran a full system scan?"

If they can't confidently answer all three of those questions, then it's time to push back, make them aware that they're at risk and that it's time for them to make sure the computer they're using really is under their control.

Mac and *nix users out there should look at this as an opportunity to take care of their less educated friends that use windows. Sure they may not be on your OS of choice, but if you think that the security of their machine doesn't impact you, think again.
Posted by webdev511 (254 comments )
Reply Link Flag
This is good news.
It has been along time. I like to see the US #1 at something.

I would guess that part of the reason is that we have quite a few computers in America. Most of them are networked. We also have lots of money to steal online.

Help keep the US on top. Remember, get lots of computers, get them infected, have fun!
Posted by ralfthedog (1589 comments )
Reply Link Flag
I bet it's really Russia.
I bet it's really Russia.
Posted by lingsun (482 comments )
Reply Link Flag
We are our own weakest link
Our ignorant home and corporate internet users have become our own weakest link as far as personal attacks are concerned.

We have to many people unknowingly causing the most damage to our own internet due to their own ignorance.

If one WANTS to use the internet, then they NEED to fully understand what is required to ensure that their own personal information as well as corporate information is properly protected.

That cannot be left up to Microsoft as they've proven time and again. That MUST be handled by "Those In The Know".

Bottom Line: Restrict internet access to ONLY those who understand how to properly protect their computers.

One can try to pin the blame elsewhere, but it all boils down to [http://You MUST be responsible for your own actions on the internet.|http://You MUST be responsible for your own actions on the internet.]

If you were caught with NO security protection what so ever on your PC and thus your PC was zombied by hackers to attack a company, a government organization or another PC, you should be fined and/or have your internet access removed until you get the proper security into place.

If you had security, but it was outdated, then the same or similar punishment should be dished out.

If you had security and it was up to date, but there was nothing you were able to do to prevent such hacks, then I don't think punishment should be dished out.

People MUST be held responsible for what they do. If they cannot be responsible for what they do... then NOBODY else can.

Government regulations WON'T solve the problem. Microsoft vamping up it's security WON'T solve the problem.

The problem IS IGNORANCE and thus must be dealt with accordingly. The Ignorance of others should NOT be Ignored... otherwise we end up sitting in the same boat as the ignorants!!! (* GRIN *)

Posted by wbenton (522 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.