[译]Skype可提供僵尸网络控制

Skype could provide botnet controls
Skype可提供僵尸网络控制

by Joris Evers
作者:Joris Evers
翻译:endurer
2006-02-17　第1版

Keywords: VoIP and IP telephony | Security threats | Hacking | Spam and phishing | Viruses and worms

关键字:VoIP 和 IP telephony | 安全威胁 | Hacking | 垃圾邮件和网络钓鱼 | 病毒和蠕虫

英文来源:http://techrepublic.com.com/2100-1009_11-6031306.html?tag=nl.e044

Takeaway:
Net phone services could allow cybercriminals to launch attacks without being detected, a communications group has warned.

概述:
一个通信团体已经发出警告，网络电话服务能让网络罪犯发动攻击而不被检测到。

Internet phone services such as Skype and Vonage could provide a means for cybercriminals to send spam and launch attacks that cripple Web sites, experts have warned.
专家已经发出警告，诸如Skype和Vonage之类的网络电话服务可为网络罪犯提供发送垃圾邮件和发动对有残缺网站的攻击的方法。

Moreover, because many voice over Internet protocol applications use proprietary technology and encrypted data traffic that can't easily be monitored, the attackers will be able to go undetected.
此外，因为一些语音，是使用专利技术和不易被监控的加密数据的Internet协议应用程序来交流的，攻击者将能不被检测到。

"VoIP applications could provide excellent cover for launching denial-of-service attacks," the Communications Research Network said Wednesday. The Communications Research Network is a group of industry experts, academics and policy makers funded by the Cambridge-MIT Institute, a joint venture between Cambridge University and the Massachusetts Institute of Technology.

“VoIP应用程序能为发起拒绝服务攻击提供极好的掩护，”Communications Research Network周三说。Communications Research Network是一个行业专家，理论和策略制定者团体，为其提供基金的剑桥－麻省理工学院联合研究所（CMI，The Cambridge-MIT Institute）是由剑桥大学和麻省理工学院合资的。

《endurer注：1。joint venture 合资》

The group urges VoIP providers to publish their routing specifications or switch to open standards. "These measures would...allow legitimate agencies to track criminal misuse of VoIP," Jon Crowcroft, a professor at Cambridge University in the U.K., said in a statement.
该团体敦促VoIP供应商公开路由规范或开关为开放标准。“这些措施将...允许合法代理追踪罪犯对VoIP的滥用，”英国剑桥大学教授Jon Crowcroft在一个声明中说。

《endurer注：1。U.K. 英国, 联合王国》

Essentially, some of the features to protect VoIP applications can now be used maliciously, Crowcroft said. "While these security measures are in many ways positive, they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks," he said.
其实，一些用来保护VoIP应用程序的特性现在被恶意利用，Crowcroft说。“虽然这些安全措施在许多方面是积极的，如果某人利用VoIP覆盖作为攻击的控制工具，它们合起来是令人很头痛的。”他说。

《endurer注：1。in many ways 在许多方面
2。add up to 合计达》

In a denial-of-service attack, a flood of information requests is sent to a Web server, bringing the system to its knees and making it difficult or impossible to reach. Today, such attacks often involve many hacked computers, so-called "zombies," that have been networked in a so-called "botnet."
在拒绝服务攻击中，信息请求洪水被发送到Web服务器，使系统屈服，很难或不能到达。今天，这样的攻击经常包括一些被hacked的机算机，这些被称为“僵尸”的计算机被组成网络，该网络名为“僵尸网络”。

《endurer注：1。bring sb. to his knees:迫使某人屈服》

Cybercriminals rent out use of their botnets on the black market. About 60 percent of the world's spam is sent through such compromised computers, and the zombies are also used in extortion schemes where a Web site owner is told to pay or face a denial-of-service attack.

网络罪犯们在黑市上出租他们的僵尸网络的使用权。世界上大约60%的垃圾邮件是通过这种受害计算机发送的，这些僵尸（电脑）也被用于勒索计划，网站所有人被告知付钱或面对拒绝服务攻击。

《endurer注：1。rent out 租出》

Botnets are typically controlled by an attacker via Internet Relay Chat. Zombies listen for instructions from their masters on IRC channels. Investigators monitor those channels to help catch cybercriminals, and Internet service providers can block traffic to the IRC servers used by zombies in order to thwart attacks, experts have said.

僵尸网络通常由攻击者通过Internet多线交谈（IRC）控制。僵尸（电脑）监听其控制者在IRC频道发出的指令。调查人员监控这些频道有助于抓获网络罪犯，Internet服务提供商可以阻塞被僵尸（电脑）利用的IRC服务器的交流以阻碍攻击，专家们已经指出。

VoIP applications such as eBay's Skype and Vonage could give cybercriminals a better way of controlling their zombies and covering their tracks, the Communications Research Network said. "If the control traffic were to be obfuscated, then catching those responsible for DoS attacks would become much more difficult, perhaps even impossible," the group said in a statement.

诸如eBay的Skype和Vonage这样的VoIP应用程序可给予网络罪犯控制僵尸（电脑）和隐藏攻击的更好方法，Communications Research Network说。“如果控制交流被扰乱，那么抓获这些DoS攻击责任人将变得更困难，甚至不可能。”该团体在声明中称。

《endurer注：1。responsible for 为...负责；是造成...的原因》

There has yet to be an instance of an online attack launched through a VoIP application, but the Communications Research Network believes it is only a matter of time. "If left unresolved, this loophole in VoIP security won't just decrease the likelihood of (attack) detection and prosecution, it could also undermine consumer confidence in VoIP," the group said.
还没有通过VoIP应用程序发动的在线攻击实例，但Communications Research Network相信这只是时间问题。“如果置之不理，VoIP安全中的漏洞将不仅仅会降低（攻击）检测和起诉的可能性，还将破坏消费者对VoIP的信任，”该团体说。

《endurer注：1。It's only a matter of time. 这只是时间问题。
2。consumer confidence 消费者信任》

Communications Research Network contacted VoIP providers with its concerns, it said. Skype and Vonage did not immediately respond to a request for comment.
Communications Research Network说它带着关切联系VoIP供应商，Skype和Vonage没有立即响应。

《endurer注：1。with concern: 关切地(忧虑着)》