In a report to be released today, security software maker Symantec Corp. says sophisticated thieves sell code to criminal middlemen for as much as $1,000 per program. The middlemen then push the code to consumers, who may be duped into participating in a scam, or who may have their passwords, financial data and other personal data stolen and used by identity theft rings. The savviest hackers lock middlemen into long-term service contracts so they can automatically push the newest exploits on unwitting consumers and compensate for patches developed by legitimate programmers. “These people are taking a huge risk, and either they’re stupid – which we don’t believe is the case – or they’re making big money,” said Alfred Huger, vice president of Symantec Security Response. Symantec’s new report covers the first six months of 2007 and draws on attack data gathered from more than 120 million computers running Symantec antivirus software and more than 2 million decoy e-mail accounts designed to attract spam and other shady messages from around the world. Among the findings: The sale of stolen personal information online continues to grow. The United States is the top country for so-called underground economy servers, home to 64 percent of the computers known to Symantec to be places where thieves barter over the sale over verified credit card numbers, government-issued identification numbers and other data. Germany was second and Sweden ranked third. China had the most computers infected by Web robots, or bots – software that performs automated tasks online, such as propagating spam, often without the knowledge of the computer’s owner. China had one-third the world’s computers conscripted by “bot herders.” The number of threats caused by malicious code has ballooned. In the first six months of the year, 212,101 new malicious code threats were reported to Symantec, an increase of 185 percent over the previous six months. But researchers agreed that professional-grade service agreements between cyber criminals and their agents was the most alarming trend. A small number of malicious “toolkits” – bundles of exploits that allow criminals to customize their own scams and attacks – is responsible for a growing number of attacks. Only three toolkits were responsible for 42 percent of the 2.3 million so-called `phishing’ messages spotted and blocked by Symantec during the first six months of the year.160Want local news?Sign up for the Localist and stay informed Something went wrong. Please try again.subscribeCongratulations! You’re all set! CRIME: Symantec says that sale of hackers’ knowledge has become big business. By Jordan Robertson THE ASSOCIATED PRESS SAN JOSE – Online crooks are quickly enlarging an already vast sales and distribution network to propagate spam and send malicious software in hopes of infecting millions of computers worldwide, according to a new report.