Bell Canada's internet service carried the most "malicious activity" — such as spam and computer attacks — in the country in the last half of 2007, a report on internet security said Tuesday.

The twice-yearly report from Symantec Corp., the producer of Norton Antivirus software, placed Canada ninth worldwide for malicious activity. The United States ranked first.

The company, which collects details on malicious code from more than 120 million computers running its antivirus software and decoy accounts that collect spam, reported 711,912 new malicious code threats online in 2007, up 468 per cent from 2006, when it found 125,243. 

In Canada, Bell's internet users were responsible for 17 per cent of the malicious activity.  

Dean Turner, the Calgary-based director of Symantec's Global Intelligence Network, said this finding was not surprising.

"Honestly, I think it's just because they [Bell] are the biggest target," he said. "They have the largest percentage of broadband users in Canada at 24 per cent."

Bell Canada spokesman Jason Laszlo said the company had not seen the report.

"I trust that once we've had a chance to review the data, we will be able to reinforce what we've known all along, that we have Canada's safest and most secure network," he said, adding that Bell is one of Symantec's largest Canadian customers for security software.

Service providers likely unaware of bad code

Shaw Communication's network ranked No. 2 in Canada in carrying bad code, with about 16 per cent of the country's malicious internet traffic, followed by Canaca-Com Inc. and Cogeco, each with eight per cent, and SaskTel, with five per cent. Rogers Communications, Primus and Peer One each accounted for three per cent, while IWebtechnologies networks carried two per cent.

Turner said service providers and internet users often don't know that malicious activity is happening.

"I would argue quite strongly that in the large network cases, the ISPs are the victims," he said. "Can you imagine how hard it is for them to stop malicious activity?"

He also said that it would be difficult for the service providers to control viruses and other bugs without being heavy-handed.

"We would be very angry, I think, in a lot of ways, if the ISPs were monitoring our traffic and sort of acting like Big Brother."

Competition sends stolen data prices downward

The study also found that increasing competition among hackers was driving prices for stolen information downwards. Credit card numbers were selling for as little as 40 cents each, in batches of 500, and bank account information for $10 US on instant-message groups and web forums.

Full identities — including a functioning credit card number, U.S. social security number or equivalent and a person's name, address and date of birth — were selling for as low as $100 for 50, or $2 each. However, some are worth more than others, with European Union identities selling for $30, or an average of 50 per cent more than U.S. identities.

The study also found that the web is now the main stop for attack activity.

In the past, users needed to open a virus-infected e-mail or visit a dubious website to become a victim. Hackers are now targeting legitimate websites, including social networking sites, using cross-site scripting, which allows hackers to insert malicious code into trusted websites.

The report said this type of attack is popular because few of the sites are fixed quickly. Of the 11,253 found during the second half of 2007, only 473 were patched, the report said.

Corrections

  • Viruses were not included in the malicious computer activity reported by Symantec Corp., as was originally reported.
    Apr 09, 2008 2:50 AM ET
With files from the Canadian Press and the Associated Press