Be aware of the growing threat of botnets要意識到僵尸網(wǎng)絡(luò)日益增長的威脅《endurer注:1。be aware of 知道;意識到 2。botnet 僵尸網(wǎng)絡(luò),是由感染了惡意代碼、能夠被黑客控制,可以用來發(fā)送垃圾郵件、傳播病毒、發(fā)動分布式拒絕服務(wù)攻擊(DDoS)攻擊的計算機組成的網(wǎng)絡(luò)。》 by Jonathan Yarden 作者:Jonathan Yarden 翻譯:endurer(感謝網(wǎng)友JOYCE指正) 2006-02-15 第2版KeyWords: Internet Microsoft Windows Spam and phishing Security threats 要害字:因特網(wǎng) Microsoft Windows 垃圾郵件和網(wǎng)絡(luò)釣魚 安全威脅英文來源:http://techrepublic.com.com/5100-1009-6034534.Html?tag=nl.e044
Takeaway: Botnets are a rapidly increasing risk to Internet security. These groups of comPRomised Windows computers are the tools of the trade for all manners of extortion and spam relay on the Internet, and they are growing in numbers. In this edition of Internet Security Focus, Jonathan Yarden examines this growing threat and discusses what it means for Internet security.概述:僵尸網(wǎng)絡(luò)是Internet(因特網(wǎng))安全快速增長的風(fēng)險。這些受害計算機群是Internet上所有勒索和垃圾郵件轉(zhuǎn)播方式交易的工具,并且它們正大量增長。在本版Internet安全焦點中,Jonathan Yarden講解了這個日益擴大的威脅,并討論了其對Internet安全的意義。《endurer注:1。in numbers 大量的, 為數(shù)眾多的》2005 was not an exceptional year for Windows security?or Internet security in general, for that matter?and 2006 isn't looking to be mUCh better. While the year may gave been profitable for Internet security companies, corporations and average computer users continued to suffer from virus and worm outbreaks and the continuously growing threat of malware.總地來說,2005對于Windows安全——或Internet安全而言,不是一個出色的年份,在這方面——2006看起來也不會更好。雖然這年可能有益于Internet安全公司、企業(yè)和一般計算機用戶繼續(xù)遭受病毒和蠕蟲爆發(fā)和惡意軟件的繼續(xù)增長。《endurer注:1。in general 總之(一般,通常,一般說來) 2。for that matter 就那點而論,在這方面 3。suffer from 忍受, 遭受》It didn't help that 2005 went out with a bang, when a zero-day Windows eXPloit that emerged during the holiday season caused a mad dash to secure systems. The critical vulnerability, which stems from how the OS renders Windows Meta File images, caught everyone by surprise, resulting in more than a million compromised PCs.當(dāng)一個在假期顯現(xiàn)的零日Windows攻擊,對安全系統(tǒng)造成瘋狂攻擊時,它卻沒有起到任何作用,2005年就砰然倒埸了。這個滋生于操作系統(tǒng)處理Windows Meta File圖像的致命缺陷,令每個人震動,產(chǎn)生了上百萬臺的受害PC。 《endurer注:1。go out 出去, 熄滅, 過時, 罷工, 向往, 辭職, 倒塌 2。with a bang 大大地(熱氣騰騰地);砰地一聲 3。mad dash 瘋狂的沖刺 4。result in 導(dǎo)致》In fact, a few antivirus and security companies, including the SANS Institute's Internet Storm Center and F-Secure, recommended installing an unofficial fix authored by Russian software developer Ilfak Guilfanov rather than wait for Microsoft to get around to releasing the patch. It was a rare move from security vendors, and I don't recall it ever happening before.實際上,一些反病毒和安全公司,包括SANS Institute's Internet Storm Center和F-Secure,推薦安裝俄羅斯軟件開發(fā)者Ilfak Guilfanov寫的非官方修訂(程序),勝于等待微軟抽出時間發(fā)布補丁。來自安全供給商的鼓動是很少的,甚至在發(fā)生前我都沒想起它。《endurer注:1。rather than 勝于 2。get around to [getround to]抽出時間(做某事) 考慮(某事) 》However, it only highlights the serious nature of the vulnerability. Zero-day vulnerabilities are critical threats, and they genuinely require immediate attention. In the end, Microsoft actually released its fix for the WMF vulnerability several days earlier than expected, but not before many users turned to the unofficial fix.然而,它只是突出了缺陷的嚴(yán)重性質(zhì)。零日缺陷是致命威脅,并且它們確實需要立即注重。最后,微軟居然早于預(yù)期數(shù)天發(fā)布了針對WMF缺陷的修復(fù)(補丁),但并沒有搶在一些轉(zhuǎn)向非官方修復(fù)(補丁)用戶之前。《endurer注:1。serious nature 性質(zhì)嚴(yán)重 2。in the end 最后, 終于》However, it only highlights the serious nature of the vulnerability. Zero-day vulnerabilities are critical threats, and they genuinely require immediate attention. In the end, Microsoft actually released its fix for the WMF vulnerability several days earlier than expected, but not before many users turned to the unofficial fix.當(dāng)然,回顧以往,零日攻擊也不令人驚奇。惡意軟件作者喜愛假期——還有什么更好的時間能增加蠕蟲或病毒傳播的可能性呢的?《endurer注:1。in retrospect 回顧, 回顧往事;檢討過去》And then there's all those brand-new Windows systems connecting to the Internet for the first time. While most TechRepublic member know that preinstalled Windows systems are vulnerable to a variety of exploits and recognize that someone could remotely take over the system within minutes of connecting to the Internet, it's important to remember that the majority of mainstream computer users do not share this knowledge.然后,所有這些嶄新的Windows第一次連接到Internet。大多數(shù)TechRepublic的成員知道,預(yù)裝的Windows系統(tǒng)易受多種攻擊,并熟悉到有人能在連接到Internet的幾分鐘內(nèi)遠(yuǎn)程接管,極大多數(shù)的主流計算機用戶未分享這個知識,記住它是很重要的。《endurer注:1。and then 于是, 然后 2。a variety of 多種的 3。take over 把...從一地帶到另一地, 接收, 接管》And depending on the malware, a newly infected computer can mean much more than annoying pop-ups. More than a few viruses and worms connect to an Internet Relay Chat (IRC) channel to listen for instructions—and join a legion of other compromised Windows systems. 依靠惡意軟件,一臺新感染的電腦可能意味著更多討厭的彈出廣告。許多病毒和蠕蟲連接到Internet多線交談(Internet Relay Chat,IRC)頻道接聽指令——并加入其他受害的Windows系統(tǒng)軍團。 《endurer注:1。more than 大于;超過,多于》Known as botnets, these groups of compromised computers are a growing threat on the Internet. They are the tools of the trade for all manners of extortion and junk e-mail relaying on the Internet, and they are growing in numbers. 這就是我們所說的僵尸網(wǎng)絡(luò),這些受害計算機群是Internet(因特網(wǎng))安全快速增長的風(fēng)險。它們是是Internet上所有勒索和垃圾郵件轉(zhuǎn)播方式交易的工具,并且它們正大量增長。 In fact, law enforcement has long been aware of this immense threat and has been actively working to shut down botnets for a while. For example, the objective of Operation Spam Zombies, a U.S.-sponsored initiative launched by the Federal Trade Commission (FTC) last year, is to put a stop to the compromised Windows computers used to relay junk e-mail.實際上,執(zhí)法機構(gòu)已經(jīng)長期注重這個極大威脅,并積極地致力于暫時關(guān)閉僵尸網(wǎng)絡(luò)。例如,美國聯(lián)邦商務(wù)委員會(Federal Trade Commission,F(xiàn)TC)去年發(fā)起的Operation Spam Zombie的目標(biāo)是,制止受害的Windows電腦用轉(zhuǎn)播垃圾郵件。 《endurer注:1。for a while 暫時 2。zombie 僵尸電腦,是一種計算機,一般通過寬帶連接到互聯(lián)網(wǎng)上、沒有任何的安全軟件的防護。它被蠕蟲或者病毒感染,被遠(yuǎn)程控制并發(fā)送拒絕式襲擊、垃圾郵件和帶有網(wǎng)絡(luò)釣魚性質(zhì)的郵件。 美國聯(lián)邦商務(wù)委員會組織推出了“Operation Spam Zombie”的運動,計劃要求互聯(lián)網(wǎng)服務(wù)提供商隔離zombies,以幫助用戶清查計算機。 3。put a stop to 制止,使停止》However, I've been critical of this proposal from the start because it doesn't highlight the real risk of these so-called zombie systems, which malicious hackers can control remotely for their own nefarious deeds. In reality, junk e-mail comes in at the bottom of my list of Internet security threats—but compromised computers controlled through IRC are at the top. 然而,我從一開始就批評這個提議,因為它不能突出這些被稱為介于僵尸系統(tǒng)的真實危害,惡意駭客們(hackers)能遠(yuǎn)程控制它們用于其邪惡行為。事實上,垃圾郵件在我的Internet安全威脅清單的底部——但通過IRC控制的受害電腦在頂部。《endurer注:1。from the start 從一開始 2。in reality 實際上, 事實上 3。come in 進來, 到達(dá)終點, 流行起來, 當(dāng)選, (錢)到手 4。at the bottom of 在...之底部》 Botnets are useful for all kinds of destructive Internet activity, either by individuals or organized cyberspace criminal gangs. The recent guilty plea of Jeanson James Ancheta, who operated a large botnet for both extortion attempts and installing spam-relaying malware, is only one person in the highly organized "Botmaster Underground," a covert group of hackers skilled in bot attacks that regularly rent the use of their zombie Windows systems for all types of illicit activity.僵尸網(wǎng)絡(luò)可用于所有類型的破壞(性)的Internet活動,由單獨的或有組織的電腦空間犯罪集團發(fā)起的。最近Jeanson James Ancheta的有罪請求,此人操縱大型僵尸網(wǎng)絡(luò)用于勒索企圖和安裝垃圾郵件轉(zhuǎn)播惡意程序,只是高度組織化的“地下蠕蟲大師”中的一個人,“地下蠕蟲大師”是隱蔽的、擅長bot《endurer注:Bot 遙控程序》攻擊的黑客群,定期出租他們的僵尸Windows系統(tǒng)使用權(quán)用于所有類型的違法活動。 《endurer注:1。be useful for 具有...用途 2。skilled in 精通,擅長》Of course, spam relaying is undouBTedly annoying, but it's merely a byproduct of these botnets controlled from a single source. And while law enforcement should continue to focus on shutting down botnets, we can't stop looking for a way to prevent compromised Windows systems in the first place. 當(dāng)然,垃圾郵件轉(zhuǎn)播的確討厭,但其僅僅是單一來源控制僵尸網(wǎng)絡(luò)的附產(chǎn)品。雖然執(zhí)法機構(gòu)需要繼續(xù)集中精力關(guān)閉僵尸網(wǎng)絡(luò),我們不能停止尋找首先預(yù)防受害Windows系統(tǒng)的方法。《endurer注:1。focus on 集中 2。in the first place 首先;起初》But this problem, unfortunately, is much more difficult to solve. I planned to gather some statistics about these compromised Windows systems until a coworker reported that CipherTrust had beaten me to the punch. CipherTrust's ZombieMeter tracks traffic from zombie PCs around the world. 但是不幸地是這個問題,解決起來更加困難了。我計劃收集一些關(guān)于這些受害WWindows系統(tǒng)的統(tǒng)計表,直到共同工作者報告CipherTrust《endurer注:Ciphertrust是全球電子郵件安全的公司》已經(jīng)將我打進 沖壓機。CipherTrust的ZombieMeter能追蹤全球“僵尸PC”流量。《endurer注:1。much more 更加》Regardless of statistics, it should be clear that Internet security as a whole almost entirely depends on the security of Microsoft Windows—whether it's actually your chosen OS. This alone has led many users to suggest a potential antivirus conspiracy; they argue that entire sectors of the "Microsoft economy" centered around Internet security would collapse if Windows was truly secure. 不管統(tǒng)計表,明顯的是,Internet安全總體是幾乎完全依靠于微軟視窗口系統(tǒng)的安全性——無論它是否為你實際選擇的操作系統(tǒng)。這已經(jīng)單獨地令一些用戶想起可能的反病毒軟件陰謀;他們爭論,假如Windows真的安全,那么以“微軟經(jīng)濟”為中心、圍繞Internet安全的全部部門將崩潰。 《endurer注:1。regardless of 不管, 不顧 2。as a whole 總體上》 While I tend to disagree, compromised Windows systems do represent the largest threat to the Internet as a whole. Organized and controlled as botnets, these systems are essentially Internet weapons of mass destruction. And that's why, when it comes to programs such as Operation Spam Zombies and other law enforcement initiatives, junk e-mail needs to take a back seat to the more insidious threat of botnets.然而我傾向于不同意,受害Widnows系統(tǒng)總體上表明了Internet最大的威脅。有組織的或受控作為僵尸網(wǎng)絡(luò),這些系統(tǒng)本質(zhì)上是Internet大規(guī)模殺傷武器。原因是,當(dāng)諸如Operation Spam Zombies和其它由執(zhí)法機構(gòu)發(fā)起的活動達(dá)到程序化時,垃圾郵件需要退居二線,讓位給僵尸網(wǎng)絡(luò)更陰險的威脅。《endurer注:1。tend to 注重, 趨向 2。mass destruction 大規(guī)模殺傷 3。come to 達(dá)到, 繼續(xù), 復(fù)蘇, 停止;想起,共計 4。take a back seat換到次要的地位(退居二線)》
