Symantec has today unveiled the results of its latest Internet Threat Report, revealing a 53 percent rise in the number of phishing messages January and June 2007.

According to Con Mallon, Symantec's product marketing manager, consumer division, there is now a sophisticated underground economy that trades in phishing kits and stolen identities.

While not quite as straightforward or transparent as an online sales site such as Amazon or eBay, an established underground economy is doing a brisk trade in personal information and readymade phishing kits that can be used to spoof websites with the express purpose of 'phishing' for visitors' personal details. The security firm said cyber criminals selling such information via forms of pyramid schemes can earn around £4,500 a week.

Other kits can be used to target email addresses. In both cases, buyers are using them primarily for financial gain.

The trend towards such a "commercialisation of threats" means that phishing attempts and other exploits are no longer solely the domain of those with the technical skills to write the necessary code; instead, for just a few pounds, other companies can buy readymade kits off the shelf.

If you know where to look and spend some time building up your credibility on the relevant underground web forums, buying such kits is relatively easy. Symantec's Mallon says it's a matter of who you know online, rather than seeking out such underground sites using traditional search tools.

Symantec's Internet Security Threat Report found that credit cards were the most popular item advertised, accounting for 22 percent of all goods for sale on underground economy servers. The US is the top host of such underground economy servers, accounting for 64 percent of those known to Symantec. Germany and Sweden were the next most common countries where such servers were found.

Credit cards were sold from as little as 25p and for a maximum of £2.47 while complete bank account details - at 21 percent, the second-most common type of detail sold - cost from anywhere between £15 and £198.
Symantec found email passwords being traded from 50p and complete identities starting at £5.

The US was also the most common country from which ID theft and phishing attacks were launched, with a quarter of all attacks originating from there. China was next, originating 13 percent of phishing attacks. The UK was joint fifth with Spain, both of which accounted for five percent of attacks. Part of the reason so many attacks come from the US and the UK, said Mallon, is the popularity of the English language, making other English speaking websites and web users natural targets.

Mallon said Symantec is not at liberty to disclose how it knows of particular sites where identities are traded and phishing kits sold but said that its six-month survey detected 2.3 billion phishing messages using "a number of techniques".

Rather than explicit tools to track such attempts, the security company said it uses a range of tools and software to identify phishing messages. There are not telltale signs, but volume of traffic is a good indicator.
Another clue is in the IP (internet protocol) address: 86 percent of all phishing websites reported to Symantec were hosted on 30 percent of phishing IP addresses - something that led the company to conclude that off the peg toolkits were being used more and more. The three most widely used toolkits were responsible for 42 percent of all phishing attacks Symantec identified.