The threat to identity from new and unknown malware

Malicious code in the form of computer viruses, worms, trojans and spam bots represents a most dangerous and costly threat to fully interconnected networked information systems. Infected Web pages can seriously compromise client machines and networks. Infected electronic messages, commonly sent in the form of e-mail viruses, may not only damage individual machines but may also cause serious denial of service damage by flooding networks. Socially engineered messages in the form of phishing attacks can cause a general lack of confidence in electronic commerce. Conventional approaches to these problems focus on identifying legitimate messages, which is not always an easy or obvious task. Validating the identity of an electronic communication is a fundamental problem in the modern wired world. The aim of this paper is to highlight the problem of authenticating the identity of electronic communications and to demonstrate an extra layer of protection with respect to e-mail systems, whereby attacks based upon the falsification of identity can be detected and eliminated with minimum impact on the system.