Security experts claim that a new generation of malicious code seems to specifically target business and industry, and that a connection exists to organised crime. What evidence is there to support this?
The connection to organised crime can be seen specifically in two areas. The first is the already mentioned convergence between spam and viruses. What we're now seeing is that spammers are essentially bankrolling virus writers -- or people who are capable of writing viruses -- to harvest very large networks of zombie machines that can then be used to send huge quantities of spam or launch denial-of-service attacks. What really are linking the spammers to organised crime directly are the recent "phishing" attempts that we've seen and the way in which the money is subsequently being laundered. These are techniques that have existed in organised crime for a very long time. When someone actually tries to follow the money to see what happens financially, the way the money gets moved around definitely hints at people that are very familiar with laundering money in this kind of way.
The second, slightly more tenuous point is that the areas where the attacks, i.e. the Web pages, are hosted are areas that have been associated with organised crime in the past. Specifically we have seen a lot of "phishing" Web sites hosted in Russia.
What are governments currently doing to control the Internet and what might they do in the future?
Certainly I think since we've crossed the threshold of more than 50 percent of all mail being spam, it shows that things are getting out of hand in the absence of a good filtering solution. The trouble is that the laws both here in Europe and in America are slightly out of touch with practicality in terms of the way they work -- certainly in the US, where the laws have potentially created more confusion than they've actually helped. With the opt-out approach they have actually endorsed the concept of a user opening an unsolicited mail in order to then unsubscribe from it. The fatal flaw, of course, is that the law assumes that the spammers are scrupulous, which we definitely know not to be the case. I don't think legislation should ever be viewed as a magic bullet type solution.
Going forward, the way that this problem will really be solved is to move filtering to the Internet level, where the scale and the speed of updates mean that you can do a much better job, especially when you look at the home-user market, where the task of filtering is being placed on the end user. This is really the wrong place to put it; it's not the end user's core competence.
Currently, many ISPs are allowing all Internet traffic to simply flow through completely unfiltered, which is akin to a water authority pumping out raw sewage to its customers and leaving it to them to fend for themselves. Advanced scanning needs to be shifted upstream to the Internet level, where it is possible to be proactive as opposed to reactive. Governments really need to put additional pressure on the ISPs to take ownership of the problem, and to filter the connections that they are providing to businesses and to home users.
Spam and viruses are often mentioned in the same context, and there is much talk about the so-called "blended threats". Is spam then more than just a nuisance? How does it fit into the big picture?
One of the main reasons that you hear about spam so regularly now is that spam is a daily problem, whereas viruses tend to be not quite so much in people's faces so immediately. Spam and viruses are very much mentioned interchangeably now since we've seen the convergence where the purpose behind many viruses is ultimately the proliferation of more spam. Generally, consumers or businesses tend to trust their antivirus partners and are now turning to them to ask how they can help them with their spam problem.
Talkback
I couldn't agree more that the monitoring and deletion of spam / viruses should move to a higher level than is currently the case. Many home users still don't have a clue how to protect their machines, and many cannot afford proper protection but still show their faces (and their backs!) on the net. Also, in third-world countries there are ISP's who struggle to provide the bandwidth that customers pay for, but there are always "low-tech" glitches which ensure that you don't even get that bandwidth. When spam starts rolling in, Internet access becomes nigh impossible, and the potential benefits for businesses in these countries fall away. Do we go back to the cleft stick, or do we accept that monitoring is better done as suggested, at Internet level? I'd willingly trade some degree of privacy for properly audited protection, stop frantically searching the Web at ridiculously low speed for patches, fixes (and nostrums), and get back to doing business in a relatively normal manner.
What are politicians afraid of? One very simple law would completely cure the problem world wide!
i.e. If a person or company does not specifically request another's SPAM, the SPAMMER commits an offence when distributing Spam, viruses or phishing. The offence of 'DISTRIBUTING UNREQUESTED INFORMATION OF ANY TYPE' commits the SPAMMER, Virus Writer, Phisher etc. (on first offence) to a minimum jail sentence of TEN years hard labour WITHOUT parole and WITHOUT access to any and all forms of I.T. for the duration of said prison term. (This should please the Human Rights vociferous minority as the majority of humans would be protected from Internet effluent and from the S.H.1.T. producing the effluent!).
Check out Spam-Exile, It works
I'm amazed that free classes have never been offered anywhere to show how the fight against spam and viruses must be do. I train my work people until it is second nuture to just set it up and make sure everyting is set to one of the higher levels of fighting viruses with a decent anti-virus program and the same with SPAM ... I use mail provided by ic24.net who's anti-virus and anti spam programs are about.
I very much agree with this article and would look for a way to pressure our parliment on this matter.
Actually I agree with the posting above. I used to get over 100 spam messages a day - now I get NONE.