Malware madness and spammers in the slammer: The year in cybercrime

One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. View our slide show of 2008's biggest tech crime stories

Security software company Symantec became the latest company to raise red flags about what it called the "underground server" economy last month, when it issued a report estimating that roughly $276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information (16%), server accounts (10%), financial accounts (8%) and spam and phishing programs (6%) trailing far behind.

What's even more unnerving than the availability of this information is its low price. According to Symantec, bank account credentials are selling for $10 to $1,000, while information about financial Web sites' vulnerabilities sell for an average $740. If all the stolen information available on the servers were exploited successfully, it would bring in about $5 billion, Symantec estimates.

One big reason this data is more widely available is that writing malicious code has grown from a hobby for many hackers into a full-time job where code writers make a living stealing information and selling it over underground server systems, says Dave Marcus, security research and communications manager at McAfee Avert Labs.

"Malware used to be written for bragging rights," Marcus says. "It was about who could write the fastest worm or the biggest virus. Now it's about making money, what kind of data or payload you can get from a machine, and what you can do with it."

As malware has become more sophisticated, it has increased its reach throughout the Internet. According to a report issued by Google earlier this year, about 1.25% of all Internet search results in February 2008 contained at least one malicious URL, a large increase from the 0.25% of Internet search results in April 2007 that contained at least one malicious URL.

This dramatic jump in malicious search results has coincided with several security firms reporting enormous jumps in malware instances in recent years. Between 2006 and 2007, for instance, Symantec reported that it detected roughly 712,000 new malicious code threats, a 468% increase from the 125,000 threats detected the previous year. Spanish security company Panda Security, meanwhile, reported that malware increased by 800% between 2006 and 2007, as the company detected an average of more than 3,000 types of malware per day in 2007.

The spread of malware and underground servers has produced some devastating results for some businesses so far: The U.S. Department of Justice revealed this summer that a group of hackers used a combination of wardriving, sniffer software and SQL injection attacks to steal more than 40 million credit and debit card numbers from TJX, OfficeMax, Barnes & Noble and other companies and store them on underground server systems in the United States, Latvia and Ukraine.