Hacked Home PCs Fueling Rapid Growth in Online Fraud

By Brian Krebs
washingtonpost.com Staff Writer
Monday, September 19, 2005; 2:06 PM

Online criminal activity of nearly every variety surged in the first half of 2005, fueled in large part by a huge increase in software security flaws and in the number of home computers being used against their owners' wishes to distribute spam, spyware and viruses, according to a new report.

The six-month period saw the discovery of a record 1,862 new software vulnerabilities, according to Cupertino, Calif.-based Symantec Corp. The company classified nearly all of those flaws as moderate to high security threats, and found that about 60 percent of them were in Web-based applications.

Security holes in Web-based programs are especially serious threats for businesses because attackers can use them to bypass a company's perimeter security measures -- such as Internet firewalls -- or to access confidential information.

Some of the most common and dangerous vulnerabilities are found in Internet browsers. While Mozilla's Firefox browser gained popularity this year after being touted as a more secure alternative to Microsoft's nearly ubiquitous Internet Explorer browser, security researchers uncovered 25 security holes in Firefox during the first half of 2005, nearly twice the number found in IE.

But Arthur Wong, vice president for response and managed security services at Symantec, said Firefox's flaws "certainly [don't] mean it's any more vulnerable than other browsers," because Mozilla tends to issue security patches to mend problems much sooner than Microsoft does for IE.

Symantec also tracked a massive increase in the number of "denial of service" attacks. These online attacks employ thousands of "bots" -- usually personal computers that have been hacked into through known software holes so they can be remotely controlled by online criminals -- to overwhelm target Web sites with so much junk data that they can no longer accommodate legitimate visitors.

According to Symantec, denial-of-service attacks spiked from an average of 119 a day to 927 a day during the first half of 2005.

The rise is directly related to the increasing number of home-computer bots, Wong said. During the study period, the number of active bots observed each day on the hundreds of networks Symantec monitors for customers more than doubled from 4,348 to 10,352 bot computers.

"It's more dangerous [today] than it ever has been," Wong said.

But security experts say Symantec's estimates represent but a small fraction of the global bot epidemic. The nonprofit SANS Internet Storm Center, which tracks hacking trends, sees an average of 260,000 bots each day being used to locate other vulnerable computers, said Johannes Ullrich, the center's chief technology officer.

Criminal groups increasingly are making their "botnets" available for sale or rent as distribution networks for spam, spyware and viruses that record and transmit the victim's computer keystrokes, Wong added.

"Whereas most of these bot networks once were predominantly used for [denial of service] attacks, more and more we see them being used to propagate malicious code and spam," he said.

One form of spam known as "phishing" -- where scam artists use e-mail to lure people into entering their personal and financial data at fake bank and e-commerce Web sites -- also saw a dramatic rise this year. In six months, the volume of phishing e-mails grew from an average of about 3 million a day to about 5.7 million, according to the Symantec report.

© 2005 The Washington Post Company