Symantec's Annual Internet Security Threat Report (ISTR), which reviews statistics on malware, phishing and spam for the previous year, found that criminals are now buying full personal identities for less than the cost of a can of cola. For just 50 pence, criminals can gain access to credit card details, names, addresses and dates of birth.

Guy Bunker, chief scientist at Symantec, said, "This recession proof 'Underground Economy' is reaching such a level of growth and maturity that there are signs of a price war developing, as online criminals find it increasingly easy to steal private details, and barter to sell them for bargain prices. As above ground the world economy spirals, the Underground Economy has never been healthier."

Credit card details are selling for as little as 40 pence ranging up to £20 for the most desired credit cards. Bank account credentials were fetching as much as £675, while full identities can be bought for between 50 pence and £40.

"There's also a lot more specialisation in the criminal 'supply chain'," says Bunker. Different groups are taking on specific activities, such as compromising legitimate web servers to plant malware that can extract data or add unsuspecting users to botnets, creating phishing emails targeted to lucrative individuals or segments, or commercialising exploits through money transfer systems.

Symantec's report states that 1.6 million individual malicious threats were discovered in 2008, representing 60 per cent of the 2.6 million malicious threats that Symantec has detected in last 27 years

"This highlights the size of the problem we are now dealing with," says Bunker. ""The illegal world of Internet crime is no longer perpetuated by spotty teenagers, it is attracting intelligent adults, very often in some of the world's developing countries such as Brazil and India. This booming underground economy really is bucking the global recession trend. With over 100,000 malicious codes born every working day, it's not just the technology and code that's getting clever... it's also the approach and the strategy behind each attack."

At the same time, Bunker admits that the prevalence of DIY kits online has fuelled the growth in malware and phishing, as the tools for creation and modification of attacks are readily available to anyone. "For example, we  found that one particular phishing kit alone was responsible for 14% of the volume of phishing lures and dummy sites reported in 2008," he says.

40% rise in US phishing victims

A report from Gartner published today reveals the impact of this trend. It found that more than five million US consumers lost money to phishing attacks in the 12 months ending in September 2008, a 39.8 per cent increase over the number of victims a year earlier.

In September of 2008, Gartner surveyed 3,985 U.S. online adults to determine the number of US adults who have been victimised by phishing attacks, as well as the methods being used by criminals to execute these crimes.

The survey uncovered a trend toward higher-volume and lower-value attacks. Although the number of consumers who lost money to phishing attacks increased in 2008, average losses decreased. The average consumer loss in 2008 per phishing incident was $351, a 60 per cent decrease from the year before.

Phishing attacks continue to exact financial damage on consumers and financial institutions. Consumers recovered 56 percent of their losses, meaning that most fraud costs were borne by consumer banks, PayPal and other financial service providers.

66 per cent growth in detected phishing attempts

In its review of 2008, Symantec detected 55,389 phishing website hosts, an increase of 66 per cent over 2007, when Symantec detected 33,428 phishing hosts. The report also highlights that Poland hosted the highest percentage of phishing websites to which users in Europe, the Middle East and Africa (Emea) were directed by phishing lures in 2008, with 18 percent of all known lures

Besides phishing fraud, the Symantec report highlighted a number of other trends in online threats. It also noted that web-based attacks remain the primary vector for malicious activity. Of all the vulnerabilities identified in 2008, 63 percent affected web applications, up from 59 percent in 2007

47 per cent rise in active bots

Finally, according to the report, 2008 was also a massive year for the bot, whose presence in the online world is rising steadily. Symantec observed an average of 32,188 active bots per day in the Emea region in 2008, a 47 percent increase from 2007, when 21,864 active bots were detected.

• Spain was the top ranked country in Emea for bot infections in 2008, with 15 percent of the total
• Lisbon was the top city, accounting for 5 percent of all bot infections in the region
• In 2008, Symantec identified 5,147 distinct new bot command-and-control servers in Emea, of which 40 per cent were through irC channels and 60 per cent on http, with the trend increasingly towards http control, because the traffic is easier to disguise and encrypt.
• Russia was the top country for bot command-and-control servers in Emea, with 20 percent of the regional total