[譯]Skype可提供僵屍網絡控制


Skype could provide botnet controls

Skype可提供僵屍網絡控制


by Joris Evers

作者:Joris Evers

翻譯:endurer

2006-02-17 第1版


Keywords: VoIP and IP telephony | Security threats | Hacking | Spam and phishing | Viruses and worms


關鍵字:VoIP 和 IP telephony | 安全威脅 | Hacking | 垃圾郵件和網絡釣魚 | 病毒和蠕蟲


英文來源:http://techrepublic.com.com/2100-1009_11-6031306.html?tag=nl.e044


Takeaway:

Net phone services could allow cybercriminals to launch attacks without being detected, a communications group has warned.


概述:

一個通信團體已經發出警告,網絡電話服務能讓網絡罪犯發動攻擊而不被檢測到。


Internet phone services such as Skype and Vonage could provide a means for cybercriminals to send spam and launch attacks that cripple Web sites, experts have warned.

專傢已經發出警告,諸如Skype和Vonage之類的網絡電話服務可為網絡罪犯提供發送垃圾郵件和發動對有殘缺網站的攻擊的方法。


Moreover, because many voice over Internet protocol applications use proprietary technology and encrypted data traffic that can't easily be monitored, the attackers will be able to go undetected.

此外,因為一些語音,是使用專利技術和不易被監控的加密數據的Internet協議應用程序來交流的,攻擊者將能不被檢測到。


"VoIP applications could provide excellent cover for launching denial-of-service attacks," the Communications Research Network said Wednesday. The Communications Research Network is a group of industry experts, academics and policy makers funded by the Cambridge-MIT Institute, a joint venture between Cambridge University and the Massachusetts Institute of Technology.


“VoIP應用程序能為發起拒絕服務攻擊提供極好的掩護,”Communications Research Network周三說。Communications Research Network是一個行業專傢,理論和策略制定者團體,為其提供基金的劍橋-麻省理工學院聯合研究所(CMI,The Cambridge-MIT Institute)是由劍橋大學和麻省理工學院合資的。


《endurer註:1。joint venture 合資》


The group urges VoIP providers to publish their routing specifications or switch to open standards. "These measures would...allow legitimate agencies to track criminal misuse of VoIP," Jon Crowcroft, a professor at Cambridge University in the U.K., said in a statement.

該團體敦促VoIP供應商公開路由規范或開關為開放標準。“這些措施將...允許合法代理追蹤罪犯對VoIP的濫用,”英國劍橋大學教授Jon Crowcroft在一個聲明中說。


《endurer註:1。U.K. 英國, 聯合王國》


Essentially, some of the features to protect VoIP applications can now be used maliciously, Crowcroft said. "While these security measures are in many ways positive, they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks," he said.

其實,一些用來保護VoIP應用程序的特性現在被惡意利用,Crowcroft說。“雖然這些安全措施在許多方面是積極的,如果某人利用VoIP覆蓋作為攻擊的控制工具,它們合起來是令人很頭痛的。”他說。


《endurer註:1。in many ways 在許多方面

2。add up to 合計達》


In a denial-of-service attack, a flood of information requests is sent to a Web server, bringing the system to its knees and making it difficult or impossible to reach. Today, such attacks often involve many hacked computers, so-called "zombies," that have been networked in a so-called "botnet."

在拒絕服務攻擊中,信息請求洪水被發送到Web服務器,使系統屈服,很難或不能到達。今天,這樣的攻擊經常包括一些被hacked的機算機,這些被稱為“僵屍”的計算機被組成網絡,該網絡名為“僵屍網絡”。


《endurer註:1。bring sb. to his knees:迫使某人屈服》


Cybercriminals rent out use of their botnets on the black market. About 60 percent of the world's spam is sent through such compromised computers, and the zombies are also used in extortion schemes where a Web site owner is told to pay or face a denial-of-service attack.


網絡罪犯們在黑市上出租他們的僵屍網絡的使用權。世界上大約60%的垃圾郵件是通過這種受害計算機發送的,這些僵屍(電腦)也被用於勒索計劃,網站所有人被告知付錢或面對拒絕服務攻擊。


《endurer註:1。rent out 租出》


Botnets are typically controlled by an attacker via Internet Relay Chat. Zombies listen for instructions from their masters on IRC channels. Investigators monitor those channels to help catch cybercriminals, and Internet service providers can block traffic to the IRC servers used by zombies in order to thwart attacks, experts have said.


僵屍網絡通常由攻擊者通過Internet多線交談(IRC)控制。僵屍(電腦)監聽其控制者在IRC頻道發出的指令。調查人員監控這些頻道有助於抓獲網絡罪犯,Internet服務提供商可以阻塞被僵屍(電腦)利用的IRC服務器的交流以阻礙攻擊,專傢們已經指出。


VoIP applications such as eBay's Skype and Vonage could give cybercriminals a better way of controlling their zombies and covering their tracks, the Communications Research Network said. "If the control traffic were to be obfuscated, then catching those responsible for DoS attacks would become much more difficult, perhaps even impossible," the group said in a statement.


諸如eBay的Skype和Vonage這樣的VoIP應用程序可給予網絡罪犯控制僵屍(電腦)和隱藏攻擊的更好方法,Communications Research Network說。“如果控制交流被擾亂,那麼抓獲這些DoS攻擊責任人將變得更困難,甚至不可能。”該團體在聲明中稱。


《endurer註:1。responsible for 為...負責;是造成...的原因》


There has yet to be an instance of an online attack launched through a VoIP application, but the Communications Research Network believes it is only a matter of time. "If left unresolved, this loophole in VoIP security won't just decrease the likelihood of (attack) detection and prosecution, it could also undermine consumer confidence in VoIP," the group said.

還沒有通過VoIP應用程序發動的在線攻擊實例,但Communications Research Network相信這隻是時間問題。“如果置之不理,VoIP安全中的漏洞將不僅僅會降低(攻擊)檢測和起訴的可能性,還將破壞消費者對VoIP的信任,”該團體說。


《endurer註:1。It's only a matter of time. 這隻是時間問題。

2。consumer confidence 消費者信任》


Communications Research Network contacted VoIP providers with its concerns, it said. Skype and Vonage did not immediately respond to a request for comment.

Communications Research Network說它帶著關切聯系VoIP供應商,Skype和Vonage沒有立即響應。


《endurer註:1。with concern: 關切地(憂慮著)》

0 個評論

要回覆文章請先登錄註冊