After more than a year perfecting their techniques on gambling and pornographic websites, the gangs are starting to turn their talents to mainstream e-commerce operations.

"It's pretty much a daily occurrence that one of our customers is under attack, and the sophistication of the attacks is getting better," said Ken Silva, a vice president at VeriSign Inc., the company that maintains the ".com" and ".net" domain name servers and provides security to many firms.

• Last month, Authorize.net, one of the biggest credit-card-services processors for online merchants, was hit repeatedly over two weeks, leaving thousands of businesses without a means to charge their customers.

• In April, hackers silenced Card Solutions International, a Kentucky company that sells credit card software over the Web, for a week after its owner refused to pay $10,000 to a group of Latvians. Only after switching Internet service providers could the company come back online.

• In August, a Massachusetts businessman was indicted on charges of orchestrating attacks on three television-services companies — costing one more than $200,000. The case against Saad Echouafni is one of the rare instances in which alleged attackers have been identified and charged. Echouafni skipped bail.

Many more attacks go unreported. "You're just seeing the tip of the iceberg," said Peter Rendall, chief executive of the Internet filter maker Top Layer Networks.