Quoting Australian IT 

WRITERS of malicious code are starting to exploit the virtualisation techniques being increasingly used by enterprises, in order to increase the impact of their bot networks, security software seller Symantec says.

Symantec Pacific region vice-president David Sykes says virtualisation offers writers of malicious code the same advantages that it offers legitimate users.

"If you can penetrate the virtualisation code and be part of that, you have harnessed the power of virtualisation for the purposes of that bot."

Such techniques are in their early days, he says. "We are seeing some initial, exploratory work there."

Discussing the latest edition of Symantec's Internet Security Threat Report, Sykes says there are now more than six million bot-infected computers around the world, a 29 per cent increase on the first half of 2006.

Symantec has also started to track "underground" servers distributing stolen personal details, Sykes says.

Data on the servers include credit card information and other details that could be used to fake an individual's identity, he says.

"These guys tend to masquerade as chat rooms and things like that.

"We have a bunch of them that we know are underground servers. More than half of them are in the US."

The servers identified by Symantec are just the "tip of the iceberg", Sykes says. "If we can pick them, they are the easy ones."

Data collected in conjunction with the Privacy Rights Clearinghouse indicates that 54 per cent of identity thefts occur through the loss or theft of hardware such as laptops, mobile phones and storage devices such as USB keys, Symantec reports.

"Twenty-eight per cent were the result of poor security policies," Sykes says. Windows Vista and Web 2.0-style collaborative systems represent a "fantastic opportunity for the bad guys" and are areas that Symantec will watch closely in coming reports, Sykes says.

Read the original, here.