|
2008
has been a year of growth: in amounts of malware, in infections,
in the number of botnets and in criminal profits. What is needed
is growth in punishment for these criminal activities.
In
its End of Year Data Security Wrap-up for 2008, F-Secure explains
how 2008 has been another record year of explosive growth in the
amount of malicious software (malware) on the Internet. F-Secure’s
detection count tripled in one year, which means that the total
amount of malware accumulated over the previous 21 years increased
by 200% in the course of just one year.
Criminal activity for financial gain remains the driver for the
massive increase in Internet threats. Today’s malware is produced
by highly organized criminal gangs using increasingly sophisticated
techniques. This year has seen increasing botnet activity around
the world. These remotely controlled networks of infected computers
remain a major challenge to the IT security industry because it
is their vast computing power that is behind the unprecedented level
of spam e-mail and malware distribution.
In 2008 Internet security issues once again made global news, from
the huge rise in the amount of malware produced in the Chinese language
during the Beijing Olympics, to attacks on the computer systems
of the presidential candidates in the United States. Three major
London hospitals were affected by a computer virus outbreak, while
the United States Department of Defense decided to ban the use of
USB memory sticks because of the security threat they pose. In 2008
malware even went into space as an online games password-stealer
made its way onto the International Space Station on an infected
laptop.
Bringing Internet criminals to justice remains a challenging task
but there have been some recent successes. An FBI operation closed
down Dark Market, an online marketplace for stolen credit card numbers
and illegal Internet services. Investigative journalistic work led
to the demise of McColo Corp. which hosted major botnets, resulting
in a temporary fall in the amount of spam e-mail. On the corporate
level, Microsoft has filed lawsuits against the purveyors of rogue
security applications attempting to scare Internet users into buying
worthless products.
Despite these successes, Internet crime is now more prevalent and
more professional than ever before. F-Secure believes that against
a background of steeply increasing Internet crime, the obvious inefficiency
of the international and national authorities in catching, prosecuting
and sentencing Internet criminals is a problem that needs to be
solved. A call for the establishment of “Internetpol” to tackle
online crime – made by Mikko Hypponen, F-Secure’s Chief Research
Officer – has been received with great interest internationally.
Hypponen says: “The bottom line today is that too few of the perpetrators
get punished. As a result, we’re sending the wrong message to criminals:
here is a way to make lots of money and you will never be caught
or punished.”
2008 年是充滿增長的一年:惡意程式和感染數字、殭屍網絡數量和網上非法牟利活動以倍數提升。不法之徒日益猖獗的行為,我們必須加以正視,並透過法律制裁打擊網上犯罪活動。
F-Secure 發表的「2008 年終數據保安報告」指出,今年所截獲的惡意編碼程式(malware)數量錄得爆炸性增長。F-Secure
保安實驗室在過去十二個月偵測到的惡意軟件較去年增加三倍。換句話說,21 年間所累積的惡意程式總數在短短一年間上升了200%。
涉及金錢利益的不法活動依然是互聯網威脅飆升的主要動力。現時的惡意程式由組織嚴密的犯罪集團,以愈趨精密的技術開發。今年,世界各地的殭屍網絡活動愈見頻繁。這些被遙距操控的受感染電腦網絡一直是IT保安界的重大挑戰,因那些網絡強大的運算能力正正就是濫發電郵和惡意程式的元兇。
保安事故再度成為2008年的全球性新聞,由北京奧運期間大量產生的華文惡意程式,以至針對美國總統候選人電腦系統的攻擊。此外,三家倫敦醫院受到一隻電腦病毒爆發的影響,而美國國防部基於其潛在保安威脅而決定禁止使用USB
「手指」。今年,一名網上遊戲密碼竊匪更透過一台受感染電腦,將惡意程式帶到國際太空站,讓其魔爪伸展至外太空。
要將網絡罪犯繩之於法一直存在相當困難,然而,近期卻有數宗成功案例。一個美國聯邦調查局行動成功搗破名為「黑市場」(Dark Market)的失竊信用卡號碼及非法互聯網服務的網上交易平台。經過一輪新聞調查後終揭發了寄存主要殭屍網絡的
McColo Corp.,隨?該公司的結束,濫發電郵數量得以暫時下降。在企業層面方面,微軟早前便向恐嚇互聯網用戶購買垃圾產品的劣質保安應用程式代理商提出起訴。
撇除少數成功案例,現時的互聯網罪行比任何時候都更猖獗和專業。F-Secure 相信針對急速飆升的互聯網罪行,國際和國家在拘捕、檢控和裁判互聯網罪犯方面的明顯不足仍有待改進。
F-Secure首席研究總監 Mikko Hypponen 提出成立「互聯網國際刑警」以打擊網絡罪行的呼籲,更在國際間取得相當大的迴響。
Hypponen 表示:「目前的底線是太少犯案者被制裁。結果,我們給予罪犯一種錯覺,認為這是一個可賺取暴利而永不會被捕或判刑的途徑。」
|
