Google Says Spam, Virus Attacks to Get More Clever

eweekhickins writes "Google's Postini team says new attacks will take the form of sneaky viruses that will blend with spam, leveraging specific current events, such as the Super Bowl or the Summer Olympic Games. Better yet, virus attacks will target executives at companies whose intellectual property is deemed valuable on the black market. A lot of these attacks will masquerade as legitimate business agencies, such as the Internal Revenue Service, the Better Business Bureau and the SEC."

SSDD

[SnoopJeDi]

These attacks will masquerade as legitimate business agencies

The bastards!! I'd better warn my associates in South Africa.

Seriously, TFA comes off as a padded version of "uhm, so...they're probably going to keep finding new ways to do this...since that's what they already do". The report itself looks to hold a little more substance, but then, I guess it's hard to make news out of spam that doesn't involve a big shift in the court, because it's pretty boring by definition.

ASCII art

[Nimey]

I've been getting a few spams lately that are ASCII art advertising for "viagra". Fairly clever way of getting past the filters, anyway.

Re:ASCII art

[Jason+Levine]

Here's a link:

http://www.jasons-toolbox.com/images/ASCIISpam.jpg

Obviously that mess of characters between "www" and "com" was their URL which I've munged so as not to give them any traffic.

Targeting executives

[Jikrschbaum]

Well that seems the way to go. I must admit a general low opinion on most executive types; one of my favorite examples of why I have a low opinion would be the dressing down a fellow IT staffer got from the CEO. The CEO was upset that when he dialed numbers from his phone's address-book while out of state he was getting wrong numbers and or invalid number recordings. After being told that he needed to dial the area code, the CEO erupted loud enough that I could hear it through the handset "Why do I need to know about area codes!?!?" Anyway I am certain that whatever directed attacks spammers/virus writers/phishers make against these less than stellar inDUHviduals will succeed at alarming rates.

Time for PGP/SMIME to go mainstream?

[mlts]

Decent cryptographic technologies have been with us for a while. I wonder about someone like Verisign making an EV-like system for E-mail certificates, where people/companies/organizations can apply, and after a thorough vetting, get a certificate (preferably on a hardware cryptographic token) that that person is whom they claim to be. Of course, E-mail clients like Thunderbird, mail.app, and Outlook would have to be updated to show that a mail is authentic.

This would help against spam similar to how anti-phishing technologies in IE and Firefox protect against bad websites, but its still not perfect.

S/MIME and PGP are strong technologies to help against fraud. I just wish more companies would send out mail with it. For example, one could register a PGP public key with a shop, and when the shop would send E-mail, it would send it signed, and encrypted to that key. Even just using S/MIME's signing capability which works with virtually any E-mail client [1] would help matters greatly.

[1]: Even pine and mutt support S/MIME. A lot of cellphones support this functionality as well, such as all recent Windows Mobile devices and Blackberries.

phishing attacks against irs.gov

[swm]

I've already seen two of these.
One was an ordinary phishing attack.
The other gave a URL in a valid subdomain of irs.gov
So either
- the attack was broken (certainly possible)
- the attack was relying on DNS cache poisoning or compromised servers

Like the numbers stations

[GlobalEcho]

I've sometimes wondered how much (if any) spam is actually just a numbers station.

What happened to "Bayesian Filters"...

[Joce640k]

Whenever I mentioned spam a few years ago all the geeks would tell me that Bayesian Filters would totally solve the problem.

What happened?