That reality and the widespread availability of exploitable software and Web sites are making it such that industrious criminals are making a great deal of money and rapidly expanding the scope and professionalism of their operations, said Alfred Huger, vice president of Symantec's Security Response research group.
"Virus writers' professionalism has been advancing for years, but the sheer volume of attacks that we're seeing right now is amazing; of all the Web-based attacks that we've ever seen, a full two-thirds of those threats were created in 2007," Huger said.
"Without question there are far more people working on the criminal side, and automation plays a big role, but the different attack iterations that we're finding aren't just altering minor pieces of the malware code anymore," he said. "They're adding whole new features, using customer feedback to improve their functionality, and it's very clear that they are being created in a far more organized fashion."
Huger said that while malware development has traditionally flourished in areas of the world where levels of technical skill are high and legitimate job opportunities are scarce -- including China, Russia, and areas of Eastern Europe and Latin America -- larger numbers of people are likely choosing to get involved in cyber-crime today because it pays so handsomely.
Symantec itself hires workers in all of those areas of the globe, and there are often well-salaried positions available for developers with the level of coding skill that the security company is observing in the attacks coming out of the regions, Huger said.
However, the biggest catalyst to the advancement of the underground economy remains the ubiquitous nature of software vulnerabilities, allowing hackers to take over legitimate Web sites and online applications to deliver their attacks to unsuspecting users, Huger said.
Symantec is increasingly seeing those types of threats -- most notably cross-site scripting attacks -- outpace the creation of more traditional e-mail based exploits. During the last six months of 2007, Symantec tracked a total of 11,253 site-specific cross-site scripting vulnerabilities, far more than the than the 2,134 traditional vulnerabilities documented by the company during the same timeframe.
