Google Says Spam, Virus Attacks to Get More Clever

eweekhickins writes "Google's Postini team says new attacks will take the form of sneaky viruses that will blend with spam, leveraging specific current events, such as the Super Bowl or the Summer Olympic Games. Better yet, virus attacks will target executives at companies whose intellectual property is deemed valuable on the black market. A lot of these attacks will masquerade as legitimate business agencies, such as the Internal Revenue Service, the Better Business Bureau and the SEC."

And you know

[WindBourne]

that these will be successful. So many suckers, so little time.

Re:And you know

[Brian Gordon]

I'm thinking the suckers are the ones paying these guys to wildly speculate about things everyone suspects..

Re:And you know

[KublaiKhan]

Absolutely. The IRS ones, especially, are bound to be extremely successful this year, as everyone knows about the little bonus coming sometime in May, so a little phishing trip to "confirm your details" on an official-looking website will likely take in a few hundred folks...

YAWN

[samos69]

This is a sales pitch, there's nothing new in that article. Google is just fishing for more business for postini...

Re:Crims get more entrepreneurial

[LurkerXXX]

No one should be surprised at all. Everything in that /. topic that google says is going to happen has already happened. Those exploits have already been tried. This is not news. This is not a prediction. This is a newsflash that the sky is likely to be blue tomorrow.

Good idea, however...

[querist]

The underlying concept of your idea is good.

However, I can see a few issues that would impact the rate of adoption and the overall utility of your approach (assuming, for the sake of simplicity, that the cryptographic aspects are implemented in a truly secure manner, the crypto itself is strong, etc. I fully realize that this is like the proveribial "frictionless surface" and the proverbial "ideal conductor" used in science books. I'm just trying to cover the big points here, OK?):

1. It will not happen until Verisign (for example) decide that there is enough of a market that they can make a decent profit.

2. It will either price small businesses out of the market (given Verisign's prices, this is likely) or it the price will be such that small businesses can afford it and then so can the spammers. Before you start claiming that is why there is a vetting process, I would suggest that hurdles low enough for small "mom-and-pop" businesses to jump will be low enough for a determined spammer.

3. Either we need a "Root CA" mechanism like other certificates (again, profit and "are you sure you can trust this") or the whole "web of trust" thing from PGP. The web of trust would be difficult in that it would make legit messages appear fake until you can determine it. Also, how would "Joe Sixpack" know the difference between a legit cert for the IRS and a faked one?

Your idea is good. Unfortunately, the current environment is not ready for it. I hope we will see the day when it will work.