Silicon Valley Wire

College Park, Md. -- Computers with Internet access are attacked by hackers an average of every 39 seconds, according to a new study by the University of Maryland's A. James Clark School of Engineering. The study, conducted by assistant professor Michel Cukier, profiled the behavior of "brute force" hackers, who use simple software-aided techniques to randomly attack large numbers of computers. "Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities," said Cukier. In the study, Cukier and two of his graduate students set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer. "The computers in our study were attacked, on average, 2,244 times a day," said Cukier. "Root" was the top username guess by dictionary scripts, attempted 12 times as often as the second-place "admin." Other top usernames in the hackers' scripts were "test," "guest," "info," "adm," "mysql," "user," "administrator" and "oracle." All should be avoided as usernames, Cukier said.
http://www.eng.umd.edu/media/pressreleases/pr020607_hacker.html