Online hacking organized.

Online, for as little as $14, you can pick up a new identity, complete with working U.S. bank account, credit card with security code, date of birth and government-issued social security number.

"You can become a brand new American. It's frightening that it could be sold pre-packaged and ready to go like that," said Alfred Huger, vice president of the Symantec Security Response at Cupertino software maker Symantec.

The low cost of stolen identities in the underground economy is just one of many chilling statistics in the company's semiannual Internet Security Threat Report, released today. The report tracked online threats, such as viruses and phishing scams, from July through December of last year, on the tens of millions of computer systems used by the company and its customers.

For the first time, Symantec also set up a group of servers without any protective software, then, after online criminals took control of them, collected information on the black market transactions occurring on the systems. While the security industry has shown increasing concern about the professionalization of online crime for more than a year, the new data describe a massive, sophisticated shadow information economy, with huge lists of bank account information, e-mail addresses, and even World of Warcraft online video game accounts bought and sold in bulk.

The number of Symantec-tracked computers controlled by networks of bots, or software robots, increased by 29 percent from early 2006 to 6,049,594. Yet the number of command-and-control systems, which run the bot networks, dropped by 25 percent to 4,746. This could mean that the network owners are expanding and consolidating, just like in the legitimate business world.

Symantec also found that much of the computer code was compiled, or translated into usable software, during standard, 9-to-5 work shifts in the country of origin.

"The hobby-horse hacker is a thing of the past. These guys work business hours," Huger said. "It's pretty organized, which is the scary part. Now we're seeing a well-oiled machine for stealing data."

Among the other findings was that China had 26 percent of the world's bot-infected computers, more than any country, a statistic mostly explained by the torrid growth of the Chinese technology industry. Slightly more than half of all underground economy servers known to Symantec were based in the United States.

As Microsoft tightens up security on its operating systems, including the just-launched Windows Vista, software applications have become an increasing target. During the period Symantec tracked, over 168 vulnerabilities were found in Oracle's database software. Four zero-day attacks, the dangerous attacks that take advantage of previously unknown software vulnerabilities, were launched against Microsoft's Office programs. The 12 total zero-day attacks were the most for any six-month period in recent memory -- Symantec usually sees only a couple per year.