2005年NPR美国国家公共电台九月-Transition Seen from Hacker Posturing to(在线收听

A new survey of Internet security says the computer attacks are increasingly being used to make money, rather than simply to make mischief. Virus writers are finding also ways to amplify their power—they're renting out robot armies of computers under their command. NPR's Larry Abramson has more.

In the old days the creators of computer viruses were in it for the glory, for the chance to brag about breaking into some well-guarded system. There is still a lot of boasting in the back alleys of the Internet, but increasingly the goal is profit. Vincent Riva is with the security company--Symantec.

There's an ecosystem which has been created as, where increasingly the full profit is the connection between those who find the vulnerabilities, those who write their exploits, and those who try to exploit it for money.

Symantec has just released its latest Internet security report which documents the ways that malicious computer code is being used to steal identities, attack businesses and send out spam. In the first six months of this year, Symantec counted nearly 2,000 vulnerabilities—2,000 security holes that could be used to break into computers remotely. On average someone attacks those holes less than a week after they're discovered, but Symantec says it usually takes two months before a security patch is developed. That means that evildoers have 7 weeks to march through those gateways and get inside the machines of unsuspecting users. And that's what Vincent Riva says another trend is building. Computer crackers are taking control of vast numbers of machines. They're developing what are known as botnets, and offering them for hire.

They become for rent. And we know available underground a number of these systems, are available for people who want to use it to make money.

The actual owners of these machines may be unaware that their computers have these alter egos and are being used to commit crimes. In one case brought by the Justice Department last year, a Massachusetts businessman was indicted for hiring a botnet operator and telling him to attack the computers of a competitor. Botnets have also been used to pump up revenues for advertisements by creating imaginary traffic to a website. And these commandeerd computers can also be called into service for fishing scams, which trick users into giving a passwords and other personal information. Thurston Hose has been monitoring the growth of botnets for a group called the HoneyNet project from his listening post in Germany. Hose says even beginners can amass large armies.

So we see several hundred/ thousands of compromised machines / each day and just the skill that is not very high for running a botnet.

The Symantec Internet security report brings news of other ominous trends. Vincent Riva says he seen the growth of viruses aimed at portable computing devices, PDAs and smart cell phones.

If we look at countries or regions of the world, which actually have a fast deployment of a smart phone, such as Japan, we actually see more crime in those areas, so for example we see the first fishing and float attacks occurring in Japan.

If you find these threats alarming, you're supposed to. This news is coming from a company that makes its money off the sale of security software. They see the world through their own particular lens. But even the best security software has holes, for example, researchers at UC Berkley have just announced they can reliably decode passwords and other information simply by recording the sounds of you typing on your keyboard.

Larry Abramson, NPR news.
  原文地址:http://www.tingroom.com/lesson/NPR2005/40640.html