Businesses face 'explosion' in bot armies

Education and small business could be the unwilling pawns of organised crime and their growing bot armies, Symantec's latest internet security report says.

The report, based on activity in the first half of this year, says worldwide denial-of-service attacks against organisations grew on average to 927 a day, a 679-per-cent increase on the previous six-month period.

David Sykes, Symantec's vice-president and general manager of the Pacific region, said online attacks were growing in volume and sophistication.

"The days of these guys doing this stuff for fun and kudos are pretty much gone," he said.

Phishing - or the fraudulent attempt to gain confidential information - also grew from an average of 2.99 million emails a day to 5.7 million.

Malicious code designed to expose confidential information accounted for 37 of the top 50 malicious code samples, up from 27.

Symantec also documented more than 10,866 new Win32 viruses and worms, up 48 per cent.

The growth of financial criminal activity as opposed to merely disruptive criminal activity could signal the rising involvement of organised crime.

"I don't think you'd be out of hand to make that conclusion," Sykes said. "They are going after money, they are targeting financial institutions."

However, Sykes said education and small business had overtaken financial services as the most frequently targeted industry.

Education facilities tended to have large, easily accessible networks and small businesses were often less well protected because of resource constraints.

Both could be used as barracks for massing bot armies, which could then be used to blackmail a company under threat of a mass denial-of-service attack.

Bots, short for robots, are programs covertly installed on computers, that can be built into a network and enable unauthorised remote control.

"We're seeing bot networks just explode," Sykes said.

Bot network activity more than doubled, with Symantec identifying an average of 10,352 machines per day, up from fewer than 5000.

Bot infections can be picked up as easily as cookies.

"So now a single bot infection may start to take stuff off your personal computer, but then sit there waiting to hook up with a bot army for a denial-of-service attack."

New system vulnerabilities are identified on average at the rate of 10 a day, take six days to be attacked but a much longer 54 days to "patch", or protect.

Symantec's biannual internet security threat report gathers data from sources including 120 million client systems, two million decoy accounts and 24,000 network activity sensors in 180 countries.

Fraud on the rise

* 1.04 billion phishing attacks blocked, up 90 per cent.

* 927 denial-of-service attacks a day, up 679 per cent.

* 33 per cent of attacks originate in the US.

* Education and small businesses targeted most.

* Bot armies hidden on computers may be used for blackmail