Two weeks into November, the ninth version of Mimail took that ruse a step further, attempting to take victims to second Web page that asked for a Social Security number, date of birth and mother's maiden name -- three pieces of data that financial companies rely on most to verify the identities of their customers. The last two Mimail variants to hit the Web also hijacked infected computers to attack anti-spam Web sites.
Ken Dunham, malicious code manager for iDefense, a security company in Reston, Va., predicted more virus authors in 2004 will start honing their creations to target specific groups of Internet users.
The most visible example of that activity came with the emergence in June of "Bugbear.B," a worm that security experts called the first Internet attack aimed directly at the financial services industry. Bugbear contains a list of nearly 1,200 Internet addresses for some of the world's biggest banks, including American Express, Bank of America and Citibank.
Bugbear was designed to tell if an infected computer belongs to a person using an e-mail address from any of those financial institutions, and then steal passwords to make it easier for attackers to hack into bank networks. Bugbear remains among Symantec's Top Five list of most prevalent Internet attacks.
Another big trend in 2003 that experts believe will only get worse in the new year is the growing number of malicious programs unleashed on the Internet that can give criminals some form of control over an infected computer, a problem fueled by the proliferation of unsecured broadband connections that make it possible for hackers to gain access to thousands of machines with the release of one cleverly written virus or worm.
Nothing demonstrated the growing threat this year better than "Sobig," a worm that spawned six different incarnations since January. Sobig and its cousins were the fastest-spreading and most infectious worms ever, according to MessageLabs Inc., a New York-based e-mail security firm.
In June, anti-virus experts discovered that computers infected with Sobig were seeded with a tiny program that turned them into remotely controllable spamming machines. MessageLabs found that nearly two-thirds of all spam on the Internet today is being relayed through computers running software relays of the sort left behind by the latest version of Sobig -- evidence to support a suspicion among many security experts that spammers and virus writers are increasingly working together.
The success of Sobig and other similar viruses has spawned a whole new illegal marketplace, as criminals pay hard cash for lists of infected computers.
"We have ample evidence to suggest that there is an increase in hard currency being traded for [vulnerable] machines," said Kevin Houle, a senior member of the technical staff for the CERT Coordination Center, a government-funded security watchdog group at Carnegie Mellon University in Pittsburgh.
"It has always been the case that there's been this underground barter system, where people will say 'I'll give you one stolen credit card number for X number of compromised machines,'" Houle said. "What we're seeing more of is 'I will pay you X number of dollars for these same resources."