The NY Times (April 25, 2010) published an article that explains how spammers are employing offshore help in India, Bangladesh and China to bypass website form security measures such as CAPTCHAs instead of solely relying on automated robots. CAPTCHA technology is an input device that can connect to a web form and requires a person to type in a string of semiobscured or text-as-image characters to prove that they are human. Freelancer.com reported that the going rate for the spamming work ranges from 80 cents to $1.20 for each 1,000 deciphered boxes. Some of these spamming operations are fairly sophisticated and involve brokers and middlemen.

A recent (Wednesday, April 14, 2010) blog post from Google’s Online Security Team discussed a new and emerging security threat on the web. For years, Google has attempted to detect internet threats that were site-based and announce or forcibly protect against them. Vulnerabilities in web browsers and popular plugins have helped sustain and distribute internet threats such as the Conficker virus for instance. One of scariest issues with such internet threats is that they require no or little user action in order for infection to occur–they permit the adversary to execute code on a user’s computer without their knowledge.

One of the high level concerns for internet security is the popularity of Fake anti-virus software. Google’s Online Security Blog discusses the subject in an article entitled “The Rise of Fake Anti-Virus.” Protecting against fake anti-virus software has become an increasing priority for Google’s security team since they were first discovered in March 2007.

Google has conducted a large study of this web security threat and plans to present it’s findings later this month. As a spoiler to the study, Google has announced that it has discovered over 11,000 domains involved in Fake AV distribution. However, it also stated that fake AV distribution is on the apparent decline.

Google’s innovation in internet security has profoundly impacted the industry. Although Google has been a stalwart user security and information confidentiality, many are deeply concerned that Google may be a long term risk to Internet user privacy as they amass a historical wealth of information on businesses, individuals, consumer trends and much more.

Source: Online Security Blog The latest news and insights on security and safety on the Internet: http://googleonlinesecurity.blogspot.com/2010/04/rise-of-fake-anti-virus.html

In January, Google disclosed that there had been a major, successful, cyber attack against Google. It should be noted that other prominent US companies also reported successful major security breaches as well. At the time, the extent of the attack was largely unknown to the public. The NY Times reported (Published: April 19, 2010, Cyberattack on Google Said to Hit Password System) that someone close to the investigation stated that the attack hit Google’s most sacred system–the password system. This system, code-named Gaia, controls the passwords to millions of Web services, including e-mail and business applications. Gaia allows users to use a single sign-in function to access a broad range of tools (without re-entering their password).

One of the concerns that outside experts have warned against is that the attackers may have discovered weaknesses in Google’s systems that perhaps Google may not even suspect. If so, the attackers could use the exploits to gain re-entry, steal data or corrupt the system.

(Source: http://www.nytimes.com/2010/04/20/technology/20google.html, or print: page A1 of the New York edition.)