Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Says Spam, Virus Attacks to Get More Clever

CmdrTaco posted more than 6 years ago | from the also-good-feels-good dept.

Security 108

eweekhickins writes "Google's Postini team says new attacks will take the form of sneaky viruses that will blend with spam, leveraging specific current events, such as the Super Bowl or the Summer Olympic Games. Better yet, virus attacks will target executives at companies whose intellectual property is deemed valuable on the black market. A lot of these attacks will masquerade as legitimate business agencies, such as the Internal Revenue Service, the Better Business Bureau and the SEC."

cancel ×

108 comments

Sorry! There are no comments related to the filter you selected.

And you know (4, Insightful)

WindBourne (631190) | more than 6 years ago | (#22703018)

that these will be successful. So many suckers, so little time.

Re:And you know (4, Insightful)

Brian Gordon (987471) | more than 6 years ago | (#22703166)

I'm thinking the suckers are the ones paying these guys to wildly speculate about things everyone suspects..

Re:And you know (0)

Anonymous Coward | more than 6 years ago | (#22703590)

I think that the torpig rootkit confirms this... it isn't just suspicion.

Re:And you know (2, Insightful)

KublaiKhan (522918) | more than 6 years ago | (#22703168)

Absolutely. The IRS ones, especially, are bound to be extremely successful this year, as everyone knows about the little bonus coming sometime in May, so a little phishing trip to "confirm your details" on an official-looking website will likely take in a few hundred folks...

Re:And you know (2, Funny)

Brian Gordon (987471) | more than 6 years ago | (#22703872)

A few hundred? You are aware that there are at least ten thousand people connected to the internet..

Re:And you know (1)

hoggoth (414195) | more than 6 years ago | (#22703980)

> A few hundred? You are aware that there are at least ten thousand people connected to the internet..

ten thousand?
Radiometric dating shows there are at least 4.54 billion people connected to the internet.

Re:And you know (0)

Anonymous Coward | more than 6 years ago | (#22704468)

It'more... considering most people on the net don't even date.

Re:And you know (1)

sgbett (739519) | more than 6 years ago | (#22704960)

i heard it was more like just over 9000

Re:And you know (1)

Brian Gordon (987471) | more than 6 years ago | (#22706120)

Nah, that was over 100 years ago.

Re:And you know (1)

XHIIHIIHX (918333) | more than 6 years ago | (#22709026)

You can't prove there are more then 10,000 people on the internet. Most of them are rejects anyway.

Re:And you know (1)

thrillseeker (518224) | more than 6 years ago | (#22703928)

My mother has already been targeted this way, although via phone.

Re:And you know (0, Funny)

Anonymous Coward | more than 6 years ago | (#22704328)

Your mom is targeted in many other ways, also.

phishing attacks against irs.gov (3, Interesting)

swm (171547) | more than 6 years ago | (#22704384)

I've already seen two of these.
One was an ordinary phishing attack.
The other gave a URL in a valid subdomain of irs.gov
So either
- the attack was broken (certainly possible)
- the attack was relying on DNS cache poisoning or compromised servers

Re:phishing attacks against irs.gov (1)

WaltBusterkeys (1156557) | more than 6 years ago | (#22704778)

It's also possible that it just looked like a text link to IRS.gov. I've seen a fair bit of spam these days that looks like it has a text link to a proper eBay domain name, but the text of the link is not the same as the URL that is actually linked. In other words, it just LOOKS like a proper link, but really sends you off to some offshore webhost.

Thunderbird is pretty good about noticing those types of problems -- if the linked domain doesn't match it'll give a warning message.

Re:And you know (1)

LooseBrie (1060650) | more than 6 years ago | (#22710122)

1. Run virus 2. Virus changes DNS settings to poisoned server 3. Virus deletes itself 4. Profit! The more I think about it, the more potent this attack is - no antivirus will help you. Yikes.

Re:And you know (1)

ArcherB (796902) | more than 6 years ago | (#22703298)

And you know...
that these will be successful. So many suckers, so little time./quote.

Not with me. I us Linux and get my meds from my doctor (or local dealer, depending on the "med").

Re:And you know (1)

ArcherB (796902) | more than 6 years ago | (#22703346)

PIMF! Must be on the meds again!

And you know...
that these will be successful. So many suckers, so little time.
Not with me. I use Linux and get my meds from my doctor (or local dealer, depending on the "med").

(that looks better)

Re:And you know (1, Funny)

Anonymous Coward | more than 6 years ago | (#22703410)

seriously... slashdot should provide us with some way to "preview" our comments before submitting.

j/k

Its kinda ironic (2, Funny)

mixtape5 (762922) | more than 6 years ago | (#22703874)

how at the end it asks you to click a link to download the full report. (ITS A TRAP!!)

Re:And you know (0)

Anonymous Coward | more than 6 years ago | (#22705970)

Stoping spam is so much easyer then people think, make a gov agency with the rights to follow the money anywhere it goes, buy said product in the spam, charge it back and charge the owner of the account with assisting in spamming (just in case the guy with the card macine is not a real spammer.

Basicly make the punnishment so bad noone will do it, Ligit websites have vary little to fear since someone actully has to make a buy for this to work.

Finally First Post (0)

ktstzo (885924) | more than 6 years ago | (#22703084)

Hurray,

off course virus will get smarter, do the evolution baby :)

This Just In! (-1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22703106)

Google says you are getting older, soon!

Also, string is getting longer and the price of crude oil is increasing for the foreseeable future.

Wow. How did we manage before these prognostications?

Re:This Just In! (1, Funny)

Anonymous Coward | more than 6 years ago | (#22703154)

You must be new here.

In other news (1)

jay-za (893059) | more than 6 years ago | (#22703144)

It's also recently been reported that users are becoming more idiotic.

In other other news (1)

t33jster (1239616) | more than 6 years ago | (#22704754)

Water is wet!!!

SSDD (3, Interesting)

SnoopJeDi (859765) | more than 6 years ago | (#22703150)

These attacks will masquerade as legitimate business agencies


The bastards!! I'd better warn my associates in South Africa.

Seriously, TFA comes off as a padded version of "uhm, so...they're probably going to keep finding new ways to do this...since that's what they already do". The report itself looks to hold a little more substance, but then, I guess it's hard to make news out of spam that doesn't involve a big shift in the court, because it's pretty boring by definition.

Re:SSDD (1)

jay-za (893059) | more than 6 years ago | (#22703250)

The bastards!! I'd better warn my associates in South Africa.
I think you mean Nigeria. In South Africa the worst they will do is rape you, then murder you, then steal everything you have. They haven't moved on to the serious stuff like masquerading as legitimate business agencies yet.

Re:SSDD (0)

Anonymous Coward | more than 6 years ago | (#22703692)

Actually you left out fraud, unprotected sex with HIV positive women and singing songs about machine guns. Not to mention the cool new AIDS cure

Re:SSDD (0)

Anonymous Coward | more than 6 years ago | (#22704548)

Better yet, virus attacks will target executives at companies whose intellectual property is deemed valuable on the black market.
Don't forget your executive friends in Zaire, and the prince in .. where was that? Their inaccessible millions will be tempting beyond compare. It seems I'm safe for now. My plans to get fabulously wealthy haven't panned out yet. If only I'd stop getting physical junk mail for my defunct web design company (high school business plan, circa 1997).

You don't say? (5, Funny)

Rob T Firefly (844560) | more than 6 years ago | (#22703182)

Damn, my entire security plan really depended on them suddenly getting really really stupid. If the scammers suddenly forgot how to send email, switch on a computer, or breathe air my life would be so much easier.

Re:You don't say? (0)

Anonymous Coward | more than 6 years ago | (#22704232)

Ufff! I feel relieved! I'm not an executive. Does that mean that they will become smart enough an stop sending me crap?

What happened to "Bayesian Filters"... (3, Interesting)

Joce640k (829181) | more than 6 years ago | (#22707172)

Whenever I mentioned spam a few years ago all the geeks would tell me that Bayesian Filters would totally solve the problem.

What happened?

Re:What happened to "Bayesian Filters"... (2, Informative)

Plutonite (999141) | more than 6 years ago | (#22712096)

The geeks discovered that Bayesian filters do a reasonable learning job, but like all simple things in AI, fail the Turing test? To be fair, detecting SPAM is objectively less difficult than deciding on "humanness" because of the nature of email. While it is a very hard problem, Google and many other mail servers have recently become very proficient at spam blocking, but not perfect.

In conclusion: whenever you hear the word "totally solve" being associated with anything involving uncertain/probabilistic reasoning, you are probably being lied to.

Crims get more entrepreneurial (4, Informative)

EmbeddedJanitor (597831) | more than 6 years ago | (#22703202)

Who's suprised that the crims get more clever about the way they craft their attacks? As it gets harder to fool people with fake Viagra ads and bank phishing and other lower hanging fruit, it makes sense to start putting more effort into targeting the bigger prizes. More effort sure, but better prizes too.

Crims have always been good at adapting and exploiting conditions. The Mafia really got their power due to exploiting the prohibition. Cable thieves in South Africa are using rolling blackout schedules to plan their cable thefts.

As more business services are done online it makes sense to phish for more than some lame paypal accounts.

Re:Crims get more entrepreneurial (2, Insightful)

LurkerXXX (667952) | more than 6 years ago | (#22703372)

No one should be surprised at all. Everything in that /. topic that google says is going to happen has already happened. Those exploits have already been tried. This is not news. This is not a prediction. This is a newsflash that the sky is likely to be blue tomorrow.

Re:Crims get more entrepreneurial (1)

Rosy At Random (820255) | more than 6 years ago | (#22704812)

As someone who lives in Manchester, the sky being blue tomorrow would be a welcome surprise....

/. emails. (2, Funny)

antdude (79039) | more than 6 years ago | (#22707216)

Soon we will have /. phishing e-mails like "Cmdr. Malda wants to know your password so he can test something with your account!"

Ric Romero working for Google? (1)

dAzED1 (33635) | more than 6 years ago | (#22703246)

Should we expect reports of the sky being blue, unless it's cloudy? Water wet, rocks hard, that sort of thing?

IT systems are increasingly complex, security is still an after-thought on products (instead of a core design consideration), and there's also the simple economies of scale; what was tens of thousands of targets, became millions of targets, and is now probably billions. A simple crack that works on 0.001% of the systems will still be cost-effective for whatever the net result is, most likely.

And? Their point?

Re:Ric Romero working for Google? (1)

Actually, I do RTFA (1058596) | more than 6 years ago | (#22705608)

Water wet, rocks hard, that sort of thing?

To my pedantic mind, these are poor examples. Water is not wet, instead objects immersed in water become wet. And as for rocks being hard, it depends on the rock. Talc for example is a very soft rock, scratchable by glass, a knife or even a fingernail. See Moh's work [wikipedia.org] (he figured all this out a while ago.)

Google? Don't you just mean Postini? (3, Informative)

Raindance (680694) | more than 6 years ago | (#22703256)

Postini's a relatively recent Google acquisition. I'm not sure it's fair to say "Google this" and "Google that" when the agreement to acquire Postini is less than a year old. The spokesperson was probably just speaking for their own team and from their own culture.

Re:Google? Don't you just mean Postini? (1)

SnoopJeDi (859765) | more than 6 years ago | (#22703584)

Google's name and logo is on the report linked to in TFA, so I'd assume it IS fair to say that.

Plus, I imagine a year is an eternity at Google.

Well, which is it? (4, Funny)

mcmonkey (96054) | more than 6 years ago | (#22703260)

A lot of these attacks will masquerade as legitimate business agencies, such as the Internal Revenue Service, the Better Business Bureau and the SEC.

Will these attacks masquerade as legitimate business agencies, or as agencies such the Internal Revenue Service, the Better Business Bureau, and the SEC?

ASCII art (4, Interesting)

Nimey (114278) | more than 6 years ago | (#22703276)

I've been getting a few spams lately that are ASCII art advertising for "viagra". Fairly clever way of getting past the filters, anyway.

Re:ASCII art (1)

Hockney Twang (769594) | more than 6 years ago | (#22703314)

That sounds really disturbing.

Re:ASCII art (1)

Nimey (114278) | more than 6 years ago | (#22705104)

Not a picture as such. It's more like the output of banner(1), but the characters are smaller and smoother.

Re:ASCII art (1)

Jason Levine (196982) | more than 6 years ago | (#22703448)

I got that one also. Thought it was clever enough that I took a screenshot of it before marking it as Spam. (I obscured the URL, though, in case I post it online.)

Re:ASCII art (1)

cbart387 (1192883) | more than 6 years ago | (#22704292)

I'm curious as to how it looks. Sure you don't want to post a link to it on slashdot ? ;)

Re:ASCII art (2, Interesting)

Jason Levine (196982) | more than 6 years ago | (#22707524)

Here's a link:

http://www.jasons-toolbox.com/images/ASCIISpam.jpg [jasons-toolbox.com]

Obviously that mess of characters between "www" and "com" was their URL which I've munged so as not to give them any traffic.

Re:ASCII art (1)

ohtani (154270) | more than 6 years ago | (#22703526)

I just got this the other day too in my Yahoo! mail box. This should be interesting in seeing how spam filters detect this.

It's quite doable, but the question is if it can determine if the text is indeed ascii art.

Re:ASCII art (0)

Anonymous Coward | more than 6 years ago | (#22703704)

You know, what's really strange is that I don't know if I got that one, or not. You see, every time I see an email in my inbox with a rather generic subject line, coming from someone I don't know, I'm smart enough to delete it.

Re:ASCII art (1)

Nimey (114278) | more than 6 years ago | (#22703984)

Good for you, sweetheart. I'm doing my part by forwarding them on to Spamcop, in hopes that it will at least inconvenience the spammers by getting their accounts deleted or hosts blocked.

I wonder why? (1)

call-me-kenneth (1249496) | more than 6 years ago | (#22703286)

Hmmmmm... [slashdot.org] I wonder why that [pcmag.com] may be?

I think I'm safe... (0)

Anonymous Coward | more than 6 years ago | (#22703310)

I'm really careful about what email I open and what attachments I run. In fact, the only way I think they could get to me is if they somehow found a way to tap into my fascination with penis enlargement and cheap prescription drugs.

Wait, isn't this already the case? (2, Informative)

grasshoppa (657393) | more than 6 years ago | (#22703316)

We already see this behavior. Phishing anybody? How many of us get "BRITTAANNYIES OUT LATE NIGHT PARTYING" emails?

How? (1)

Phroggy (441) | more than 6 years ago | (#22703318)

How can Postini/Google possibly know what strategies spammers intend to pursue? It seems unlikely that the spammers would volunteer this sort of information ahead of time.

Re:How? (3, Funny)

Itninja (937614) | more than 6 years ago | (#22703420)

Everybody knows that Google is so |337 that even the spammers grace them with beta copies of new spam.

Re:How? (1)

Thanshin (1188877) | more than 6 years ago | (#22703776)

How can Postini/Google possibly know what strategies spammers intend to pursue?
Google's investigators are dating hot chicks who believe in astrology, obviously.

Re:How? (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22704760)

They archive their emails. ;-)

YAWN (4, Insightful)

samos69 (977266) | more than 6 years ago | (#22703334)

This is a sales pitch, there's nothing new in that article. Google is just fishing for more business for postini...

Re:YAWN (2, Funny)

Richard W.M. Jones (591125) | more than 6 years ago | (#22704524)

This is a sales pitch, there's nothing new in that article. Google is just fishing for more business for postini...

You mean TFA is just a sophisticated form of spam :-)

Rich.

Re:YAWN (1)

Ilgaz (86384) | more than 6 years ago | (#22707514)

I reported 10 "blogspot" abusing spams which are not cheap Viagra but rather actual Microsoft, Adobe piracy advertising scams just last week. Of course, Blogspot (owned by Google) got only 3 of the URLs since they had the genius (!) idea of telling spamcop.net not to send them URL spamming reports. You know the only companies does not want spam reports? The ones who wouldn't care to do anything about them or the CNN/Fox etc. hosting providers which the stories are often abused by scammers. Also ones who are founded for a single reason: hosting spam sites.

The others were reported to piracy@microsoft.com , better "more evil than satan himself" deal with them. ;)

Usenet has become completely horrifying experience since Google News came in. Deja News was doing hell of a better job while Usenet was way more popular than today. They are the only legit big mail provider managed to get in to highly respected RBLs like SORBS and guess what? "Domainkey verified" Google sent mail messages are ending in my Yahoo spam folder. Bug? Hell no, they are all real spams by every definition.

As nobody on net can mess with them, they don't just act like AOL of 1990s, they also try to give news about Spam techniques. It is like a bad joke.

By Neruos (0)

Anonymous Coward | more than 6 years ago | (#22703422)

SO? Why does this stuff get reported? Who is google in the world of viruses and spyware? Nobody, they are a search and webpage indexing company, so they made a webemail and websheets, they where not the first to even do that.

When I hear someone posting 'google said spyware getting smarter', it's no different then 'myspace saying CPU chips are getting faster'

Mcafee and Symantec, say this every year and that is there business model.

bad /. bad, sit in the corner.

Human Intelligence (2)

Mox-Dragon (87528) | more than 6 years ago | (#22703430)

It seems odd that spammers will need to start using more complicated techniques, as it doesn't seem like people are getting any smarter.

Re:Human Intelligence (1)

spicate (667270) | more than 6 years ago | (#22704844)

Even dumb folks can (sometimes) learn from their mistakes.

Targeting executives (2, Interesting)

Jikrschbaum (920529) | more than 6 years ago | (#22703488)

Well that seems the way to go. I must admit a general low opinion on most executive types; one of my favorite examples of why I have a low opinion would be the dressing down a fellow IT staffer got from the CEO. The CEO was upset that when he dialed numbers from his phone's address-book while out of state he was getting wrong numbers and or invalid number recordings. After being told that he needed to dial the area code, the CEO erupted loud enough that I could hear it through the handset "Why do I need to know about area codes!?!?" Anyway I am certain that whatever directed attacks spammers/virus writers/phishers make against these less than stellar inDUHviduals will succeed at alarming rates.

SMTP = evil (1)

Brian Kendig (1959) | more than 6 years ago | (#22703538)

Email spam gets smarter, yet email servers remain stupid.

The sheer amount of bounced spam that I get makes me want to surrender my email account and move to a mountaintop in Nepal and herd goats.

In other news.... (1)

Em Ellel (523581) | more than 6 years ago | (#22703600)

... All people living today will be older or dead tomorrow!!!

(translation for sarcasm impaired - "duuh!!")

-Em

Slashdot article links to hostile code (1)

Animats (122034) | more than 6 years ago | (#22703658)

Nice demo. The link for this article leads to an ad page which won't close if you have AdBlock installed.

Like a firehose.... (2, Informative)

PGillingwater (72739) | more than 6 years ago | (#22703688)

I use Gmail for one of my email accounts, and have used this address (without obfuscation) on the Internet for eight years or so. Therefore, I get a lot of spam. Recently, I've noticed more and more getting through Google's spam filters lately.... but what really amazes me is the volume.

Here's a simple example: most Gmail users know they have a Spam folder, into which Gmail transfers any messages which appear "spammy." This works pretty well, and I keep around 30 days worth in there, as I used to occasionally look through for false positives (which happened sometimes.)

The problem now is just that there is too much spam to do this. Let's compare: here is the count of spam in ONE Gmail account, for the past 30 days -- can anyone match it?

Spam (84194)

I figure that's a rate of 2,800 per day, or 116 per hour. Nearly two spam messages, every minute, 24x7.... and most of it consists of duplicates. Why are the spammers doing this? Unless they are paid per message they send, I don't see it improving their chances of getting a message past filters.

Re:Like a firehose.... (1)

z0idberg (888892) | more than 6 years ago | (#22704412)

... and most of it consists of duplicates. Why are the spammers doing this? Unless they are paid per message they send, I don't see it improving their chances of getting a message past filters.

It's likely that you are on the spammers list more than once, though a smarter spammer would check for that sort of thing, so quite possibly you are in a number of different lists that the same spammer is using.

Re:Like a firehose.... (1)

Richard W.M. Jones (591125) | more than 6 years ago | (#22704614)

I figure that's a rate of 2,800 per day, or 116 per hour. Nearly two spam messages, every minute, 24x7.... and most of it consists of duplicates. Why are the spammers doing this? Unless they are paid per message they send, I don't see it improving their chances of getting a message past filters.

The spam is being sent by a botnet of indeterminate size, and not always in direct communication back to their "masters". Sending emails, even duplicates, costs nothing and is better than having to know the size of your botnet or be in constant communication with the individual bots.

Rich.

Re:Like a firehose.... (0)

Anonymous Coward | more than 6 years ago | (#22705458)

I use Gmail for one of my email accounts, and have used this address (without obfuscation) on the Internet for eight years or so. Therefore, I get a lot of spam. Recently, I've noticed more and more getting through Google's spam filters lately.... but what really amazes me is the volume.

Spam (84194)

I've been using the same e-mail address for 10 years. It's on a lot of newsgroup postings I made (before I obscured it) and was sold by Network Solutions to spammers (I used that address as the contact after I registered my domain).

About 10 spam e-mails a week make it past the filters to my inbox. I used to see 10-20 per day and rising about 7 years ago before I converted to my current filtering solution. So, I think that Google just doesn't have very good spam filters.

Stop using the phrase "intellectual property" (1)

esbee (882147) | more than 6 years ago | (#22703702)

Only if we stop using the phrase, or using an "anti-phrase"(see link below), will people wake up to the fraud brought upon the rest of humanity by these IP abusers. http://www.techdirt.com/articles/20080306/003240458.shtml [techdirt.com]

Time for PGP/SMIME to go mainstream? (3, Interesting)

mlts (1038732) | more than 6 years ago | (#22703734)

Decent cryptographic technologies have been with us for a while. I wonder about someone like Verisign making an EV-like system for E-mail certificates, where people/companies/organizations can apply, and after a thorough vetting, get a certificate (preferably on a hardware cryptographic token) that that person is whom they claim to be. Of course, E-mail clients like Thunderbird, mail.app, and Outlook would have to be updated to show that a mail is authentic.

This would help against spam similar to how anti-phishing technologies in IE and Firefox protect against bad websites, but its still not perfect.

S/MIME and PGP are strong technologies to help against fraud. I just wish more companies would send out mail with it. For example, one could register a PGP public key with a shop, and when the shop would send E-mail, it would send it signed, and encrypted to that key. Even just using S/MIME's signing capability which works with virtually any E-mail client [1] would help matters greatly.

[1]: Even pine and mutt support S/MIME. A lot of cellphones support this functionality as well, such as all recent Windows Mobile devices and Blackberries.

Good idea, however... (4, Insightful)

querist (97166) | more than 6 years ago | (#22704098)

The underlying concept of your idea is good.

However, I can see a few issues that would impact the rate of adoption and the overall utility of your approach (assuming, for the sake of simplicity, that the cryptographic aspects are implemented in a truly secure manner, the crypto itself is strong, etc. I fully realize that this is like the proveribial "frictionless surface" and the proverbial "ideal conductor" used in science books. I'm just trying to cover the big points here, OK?):

1. It will not happen until Verisign (for example) decide that there is enough of a market that they can make a decent profit.

2. It will either price small businesses out of the market (given Verisign's prices, this is likely) or it the price will be such that small businesses can afford it and then so can the spammers. Before you start claiming that is why there is a vetting process, I would suggest that hurdles low enough for small "mom-and-pop" businesses to jump will be low enough for a determined spammer.

3. Either we need a "Root CA" mechanism like other certificates (again, profit and "are you sure you can trust this") or the whole "web of trust" thing from PGP. The web of trust would be difficult in that it would make legit messages appear fake until you can determine it. Also, how would "Joe Sixpack" know the difference between a legit cert for the IRS and a faked one?

Your idea is good. Unfortunately, the current environment is not ready for it. I hope we will see the day when it will work.

Re:Good idea, however... (0)

Anonymous Coward | more than 6 years ago | (#22706614)

So in other words:
Your finding advocates a

(X) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Time for PGP/SMIME to go mainstream? (1)

junner518 (1235322) | more than 6 years ago | (#22707016)

Well Thunderbird already has an extension to use openPGP and digital signatures in email.
http://enigmail.mozdev.org/home/index.php [mozdev.org]
And by the time we cut down on fraud and spam in our inboxes, there will probably be another hundred ways of getting this crap. Undoubtedly spam will live forever.

will?? (1)

martin (1336) | more than 6 years ago | (#22703768)

total sales pitch here, this has been happening for several years where the malware writers use news headlines to trick people into opening email and links...

nothing to see here, please move on.

Well duh. (0)

Anonymous Coward | more than 6 years ago | (#22703814)

"Google says spam will get more clever"... what, did you expect for it to get dumber? This one get my award for the most obvious statement of the week.

Great (1)

nurb432 (527695) | more than 6 years ago | (#22703972)

I hope it gets so bad that we are just flooded and 99% of the users are infected. millions of dollars lost.. death and destruction everywhere.

Perhaps then something might get done.

Good... (1)

someone1234 (830754) | more than 6 years ago | (#22704078)

I'm not interested in the Super Bowl, nor am I an executive :)
Hopefully the spammers will develop better bots which target only those.

also on emule (1)

edxwelch (600979) | more than 6 years ago | (#22704122)

any one notice the sudden surge of viruses on emule? Practically all searches return bogus results which really is malware, or virus infected executables.

Is this really more clever? (1)

El Yanqui (1111145) | more than 6 years ago | (#22704172)

This seems like the same old, same old to me. So what makes this clever is that they are hiding the spam and phishing in topical ways? I'm sorry, but I don't see this as being more effective or likely to gain them any more suckers. Spam is spam, it doesn't matter if they dress it up in a 'current' way it won't fool anybody that wasn't fooled before.

"According to this email, I can buy Viagra and support the Obama campaign!"

Won't matter to Google (1)

AskFirefly (757114) | more than 6 years ago | (#22704214)

Their Gmail service has a hard time stopping spam as it is....

My first thought... (1)

abaddononion (1004472) | more than 6 years ago | (#22704220)

At what point did Captain Obvious start working at Google?

Like the numbers stations (3, Interesting)

GlobalEcho (26240) | more than 6 years ago | (#22704444)

I've sometimes wondered how much (if any) spam is actually just a numbers station [wikipedia.org] .

News @ 10 (1)

zakeria (1031430) | more than 6 years ago | (#22704474)

no way.. seriously? and I thought they would get less creative!!

Say What? (1)

xkr (786629) | more than 6 years ago | (#22704640)

A lot of these attacks will masquerade as legitimate business agencies, such as the Internal Revenue Service, the Better Business Bureau...

I think the only correct response is, Huh?

Already Happening (1)

Bryansix (761547) | more than 6 years ago | (#22704688)

We already get SPAM that says it is from the Department of Justice. It acts like of you don't click the link then you cannot find out about a lawsuit that was brought against you and therefore you can't mount a defense. Pretty clever but I saw right past it.

Evolutionists, beware! (2, Funny)

fph il quozientatore (971015) | more than 6 years ago | (#22704870)

I strongly object to the fact that virus evolutionist theories are taught on this forum. Actually, all the viruses were created by God 6000 years ago, and no evolution can happen. You have no proof. Your fallacious theories should not be taught in public schools.

In other news... (0)

Anonymous Coward | more than 6 years ago | (#22705280)

Grass is green.

Ruh Roh!! (1)

v3xt0r (799856) | more than 6 years ago | (#22705304)

Well then, if google says it's true, then I better go out now and buy that Google Postini Subscription so they can protect me from all the evil in the email world.

Fresh from the Irony Desk... (1)

Tsar (536185) | more than 6 years ago | (#22705886)

Google Says Spam, Virus Attacks to Get More Clever
If eWeek's editors were as clever as this new spam, would they have used the correct comparative form cleverer instead?

Re:Fresh from the Irony Desk... (1)

value_added (719364) | more than 6 years ago | (#22707484)

If eWeek's editors were as clever as this new spam, would they have used the correct comparative form cleverer instead?

That would be more better.

Err ... betterer. ;-)

New Attacks? (1)

cppgenius (1009857) | more than 6 years ago | (#22706838)

This is an old trick used by the spammers. The same thing happened last year with the Super Bowl, the same with the IRS phishing e-mails (some of them e-mailed late after the filing season, some even before the filing season).

You're telling me Google (Postini?) took more than a year to discover this, some of these social engineering attacks (especially the malware e-mails focussed on special events) have been around since 2006 as far as I can recall (refer to the links below).

Special Event Malware Spam [cybertopcops.com]
IRS Phishing Scams [cybertopcops.com]

SPAM (1)

Markske (1087805) | more than 6 years ago | (#22707334)

I have currently for 40domains about 200mails a day (what is normal for working clients)
But I need to block 12000mails a day on spam

That is a rate of more then 98% a day of spam

when will thay learn that i just drop those mails

Who really produces the spam? Not as claimed 2 B (1)

FromTheAir (938543) | more than 6 years ago | (#22708452)

Spam doesn't really result in sales, some are not even readable. So what could the real purpose for spam be?

So who would benefit from the effects of Spam?

Those wanting to reduce our performance as a nation.

Those wanting to occupy or divert the attention of the people from real issues.

Those wanting to create a reason to regulate and control the Internet.

Those who sell anit-spam anti-virus software

Those wanting to disrupt (clog up) the free flow of valuable information on the Internet.

Anyone think of any other reasons?

Also Just in from Google: (1)

AKabral (1056068) | more than 6 years ago | (#22708778)

The sun will, in fact, rise tommorrow. And, An adjustment to the title of this thread to "Google Says Spam, Virus Attacks to Get More Cleverer"

By the Power of Grayskull NO..... (3, Funny)

EdIII (1114411) | more than 6 years ago | (#22708832)

Better yet, virus attacks will target executives at companies whose intellectual property is deemed valuable on the black market.


They found the biggest security weakness of every single company... The Pointy Haired Ones.
 

BAH! I'm cool. I don't worry about this shit! (1)

X'16435934 (988304) | more than 6 years ago | (#22711734)

I HAVE a Macintosh!

wait... ? Maybe I have a LINUX!

In any event, I don't have one of those silly WINDOZE machines!
I AM SAFE, you stoopid WINDOZE users!


Load More Comments
Slashdot Login

Need an Account?

Forgot your password?