it's alive!

Here's an interesting article from the RSA: One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts
I've heard the 'idea' of the internet being a living thing...which was recently discussed on Security Now...basically, a virus/trojan can be created and injected into the Internet that can self-mutate and exist for years! compromising systems and gathering confidential information...this specific one has been in existence for over 2 years and has compromised over 300,000 bank account. The basic response to this is:

• stop trusting web sites (not a good outcome)
• the government should do something (a worse outcome)
• we need to focus more on security for any website we implement (I think the right response)

For each project that we're responsible for, we need to ensure some effort is spent on coding/testing for such security issues. Business buy-in is easy - tell them the impact/negative publicity if the site/system is compromised.......another item for the risk list