杀毒软件公司McAfee的报告称,4月至6月,僵尸网络计算机(Zombie)的数量增长到了1.3万,这一数字比前三个月增加了4倍。McAfee预计,63%的电脑曾经被僵尸网络利用过。另外,今年前6个月,间谍软件和广告软件的数量均超过了去年全年的总和。
计算机安全专家去年将僵尸网络列为是对个人用户及企业威胁不断增加的一种安全危害。这种程序通过聊天室,文件共享网络感染存在漏洞的计算机。它们经常无法被发现,能够远程控制被害人的计算机,然后组成僵尸网络对其它计算机与网站发动攻击,发送垃圾邮件或者窃取数据。和大部分的蠕虫及病毒一样,僵尸网程序的主要攻击对象是那些安装了Windows操作系统的机器。
间谍软件与广告软件也同样秘密的潜入受害人的电脑。但和僵尸网络程序不同,它们的主要目的是了报告用户的浏览习惯,发送弹出式广告等。间谍软件与广告软件逐渐成为互联网上的公害,它们会影响用户的上网体验,浪费用户计算机的处理器能力。
公众对这些程序的抱怨已经引起了立法者的重视。几项反间谍软件的提案已经在美国国会进行审议。美国联邦贸易委员会等机构最近敦促互联网服务商们,对僵尸网络的策动者予以制裁。纽约首席检察官 Eliot Spitzer今年4月对Intermix Media提起了诉讼,指控这家网络营销公司是广告软件及间谍的源头。
但是,McAfee却对与这些程序的战斗表示悲观。
McAfee公司的总裁Vincent Gullotto说:“目前有四项反间谍软件的议案正在国会讨论,但是,我们认为,这个问题只会变得越来越严重。”
McAfee还表示,和前三个月相比,过去三月,不请自来的程序数量有12%的增长。
和去年同期相比,今年第二季度发现的计算机安全漏洞的数量上升了5%,其数量超过了1千个。 McAfee表示,全球以金融收益为目的的攻击事件数量也在上升。一些攻击者使用程序窃取金融数据,另外一些通过完全控制用户的电脑或网络进行敲诈。
McAfee同时也警告说,研究人员已经发现了一种新的黑客攻击方式,即,对使用了蓝牙无线协议的手机展开攻击。这种黑客手法可以让攻击者在用户毫无察觉的情况下与蓝牙手机进行相连。(编辑:孙莹)
Report: Computer hijacking on the rise
Published: July 11, 2005, 2:50 PM PDT
By Alorie Gilbert
Staff Writer, CNET News.com
Personal computers that play unwitting host to "zombie" code are proliferating at a startling pace, according to a new report.
Incidents involving the malicious code, also known as "bot" code, reached 13,000 from April through June, according to a report from antivirus-software maker McAfee. That's quadruple the number tracked by the company in the previous three months. McAfee estimated that 63 percent more machines were exploited by bot programs and by spyware and adware--their slightly less insidious, but more common, cousins--in the first six months of this year than in the whole of last year.
Computer security experts have identified zombie networks, or networks of systems with bot software installed, as a rising threat to consumers and businesses. The programs spread to vulnerable computers via chat room servers and file-sharing networks, experts said, and often go undetected by the PCs' owners.
Intruders can remotely control a network of infected machines to launch attacks on other computers and Web sites, spread spam and steal data, for example. Like most worms and viruses, zombie programs largely target machines running the Microsoft Windows operating system.
Spyware and adware also implant themselves surreptitiously on the computers of unsuspecting victims. But unlike zombie programs, they are mainly designed to report users' browsing habits and deliver pop-up ads. Such programs have become the scourge of the Internet, often frustrating people's Web experience and tying up their computers' processing power.
Public outcry over such programs has reached lawmakers' ears. Several anti-spyware bills are under review by Congress. The U.S. Federal Trade Commission and its counterparts abroad recently announced that they'd urge Internet Service Providers to crack down on zombie perpetrators. New York Attorney General Eliot Spitzer filed suit against Web marketer Intermix Media in April, charging it with being a source of adware and spyware programs that hinder online commerce and security.
But McAfee remains pessimistic about the fight against what it calls "potentially unwanted programs."
"There are four anti-spyware bills working their way through Congress to help tackle this growing problem, but we believe the problem is only going to get worse," Vincent Gullotto, a McAfee vice president, said Monday in a statement.
McAfee also said it saw a 12 percent increase in the number of new unwanted programs created in the past three months, compared with the previous three months.
The reported number of overall computer security vulnerabilities climbed about 5 percent in the second quarter, compared with the same period last year, exceeding 1,000 on various computing platforms, the company said.
A growing number of attacks are being launched with the goal of financial gain, McAfee noted. Some attackers use programs to steal financial data, while others attempt to hold a person or group ransom by gaining complete control over a machine or network.
McAfee also warned that researchers have discovered a new method for hacking cell phones using the Bluetooth wireless protocol. The technique allows an attacker with special equipment to connect to a Bluetooth handset without authorization.