Some of the security industry's biggest minds will gather Nov. 7-9 at San Diego for a conference dripping with acronyms, computer jargon and geek-speak. The conference is the jamboree of APWG -- Anti-Phishing Working Group to those not initiated into the mysteries of cybercrime terminology.
Phishing, originally coined with a nod to fishing of the marine variety, is the dark craft of identity theft that has mutated into numerous sinister and highly dangerous forms of cybercrime since APWG came into being in 2003.
APWG was formed that year -- two years after the terrorist attacks on the United States on Sept. 11, 2001 -- in response to Internet-based threats from various sources, some directly linked to terrorism, others originating in malicious hacking and still others traced to computer experts serving the interests of organized crime by phishing for financial gain.
Phishing is hugely expensive to get rid of and has cost governments and corporations tens of millions of dollars as they try to clean systems of malware -- usually after an attack. Only recently have governments and corporate entities begun spending more on preventive measures.
APWG said the upcoming conference's agenda "reveals a disturbing trend in the organization of cybercrime gangs' enterprises: a growing mastery of disguise, camouflage and deft, penetrating impersonation of trusted technologies, persons and institutions."
One major threat often mentioned but not sufficiently publicized is fake antivirus software. Just when you think you are doing the right thing to clean up your system you are actually infecting it more, sometimes beyond repair, APWG experts point out.
Fake antivirus software is so widespread that it has spawned an underground economy of its own.
Targeted crimeware and social engineering attacks focus deep inside corporations large and small. Targeted crimeware threats are growing in potency and evasive capacities.
Skeptics who cited the security industry pronouncements as scare tactics to boost sales are among people, including hesitant decision-makers, who are being converted to the threat perception scenarios presented at technology conferences such as next week's APWG.
A keynote address by Eugene H. Spafford, professor of computer sciences at Purdue University, will review new technologies and systems being used to protect Internet works and data resources.
Cynics in the computer industry say the preventive technologies are as good as the last malware -- they need to keep pace with new criminal software being unleashed on the Internet and other systems offline.