Go homepage(回首页) Upload pictures (上传图片) Write articles (发文字帖)
The author:(作者)qqpublished in(发表于) 2013/11/21 1:42:17 QR code hidden virus: see yards swept easily spared no expense,
QR code hidden virus: see yards swept easily spared no expense-QR codes, QR virus-IT information QR code hidden virus: see yards swept easily spared no expense
"The phone is sweeping a QR code, open Taobao shop found Liu went to the Bank to get the money in the bank card's balance is 0"; "real rip-off, sweeping away the QR code made by the seller, more than 50 Yuan bill was gone. "In recent days, similar to QR codes" complaining "Nowadays, many users scan the QR code or receive files sent by others after the installation, find their bank card consumption, Internet users tend to victims suffered heavy losses: thieves bank card deposits will be looted.
Micro-blogging, micro-letter, universal access to applications such as Alipay, QR codes have become one of the more popular channels of information. Consumer camera on the phone QR code can scan a lot of useful information, such as commodity prices, commodity production, and so on. Applyment and popularization of the QR code was originally brought a lot of convenience to consumers, but there are also a growing number of illegal use of QR code's vulnerability to deception. Why, once the QR codes to facilitate consumer trap?
Casual bar code led to loss of money
According to our information, QR code is a specific geometry according to certain rules in the plane (two-dimensional direction) distribution of black and white graphics on, of all information and data is a key. In modern business activity, can be widely implemented, such as: product anti-counterfeiting, traceability, advertising push, Web site links, data download, commodity trading, e-vouchers, information sharing, and so on. Fact two-dimensional code invented in initially provided great convenience for consumers. Consumers via mobile phone and gently sweep you can gain a lot of product information.
However, recently there have been many users reflects that the phone has finished scanning the QR code appears after many unexpected "situation". Mr CHOW is a Taobao seller, specializes in door and window fabrication and installation. Not long ago, a new buyer take the initiative to contact Zou Xian, he did not think what to buy goods, but rather in the chat messages sent to QR, saying "micro-sweep can be seen using a mobile phone wants to buy Windows and doors details". According to Mr CHOW to 360 line lost Center back, after he installed software on the QR code, each other with "convenience link" is asked for his phone number and leave an excuse to eat. Zou Mr was also didn't care, but a hours Hou, he suddenly found themselves of Mong Mong account log not Shang has, original is password has was people modified, zhihou again view paid Po account, found not only balances in the of 3,000 yuan was stolen, and paid Po bound of CCB card also was consumption has 2000 Yuan, and he of account also has was associated to has a strange phone, registered of paid Po account Shang.
Not just sellers QR entrap, buyers will also be confused by the QR code. Ms users reflected to reporters: in her online keep an eye on a dress, the owner claimed to scan the QR code to get more information. Then she scanned the QR code and follow the instructions to install the software, and waiting for her was not more detailed information but the phone crashes when ladies find stores, shops have been off line. Ms Zhang is the scammers produce good scans under the guidance of their prior QR with Trojans and viruses, making cellphone paralysis.
In fact, now on the market, Ms card after you scan the QR code mobile phone problem is not a few, instead it is just the low end of the QR scam, outlaws the ultimate goal will always be the money in their pockets. Why strange and Mr CHOW to pay accounts were stolen? Little QR codes and how he stole the money?
Photo by Hu Guoqiu
QR code hidden viruses
It is understood that the victim before the funds were stolen, most Android phones are used to scan QR codes, or using Android phones receive and install APK files of unknown experience. Security experts point out that online banking funds stolen has a direct relationship with the apk file, due to poor safety awareness for victims, easily installed on their cell phones on a stranger-supplied programs, will incidents of stolen funds. "The APK files are mobile viruses, is simple: victims of mobile phone text messages, the aircraft carrier, forwarding via SMS or e-mail message, text message online banking are the key information of code or a third-party payment site. "The security expert said that" the virus itself is not able to complete features of stealing online bank funds, the threat is at the heart of stealing code, we named this type of virus code thieves. " Analysis of nearly 200 code: thieves, either block all SMS directly to virus found on the author's cell phone, then victims phone won't receive any messages. Code thief do to SMS content filtering, block content containing only "Bank, CAPTCHA, paid" keywords such as SMS, forwarded via SMS or email to get the contents of short message. This more subtle, when consumers find exceptions, such as credit card balances have been looted.
Only take the message, how to lose money in their bank card? A lot of people didn't notice, actual online banking payment, fast payment SMS security cornerstone. Online banking features open, login and consumer payment instruments, use SMS authentication, when your mobile phone is installed to intercept SMS Trojan, is equivalent to your phone right now in someone else's hands. Put your cell phone man, knows everything about victims ' personal information through other channels, like a people known to you everything. One who knows everything about you and took your phone, ready to go spend your bank card.
Security experts, the thieves of write verification code does not require high skills, in fact some verification code Grand Theft virus author is essentially a rookie. Can easily be found in a virus-encoded thief phone number and email account passwords. Login used to collect victim's mailbox message has a more startling discovery: CAPTCHA thieves authors collect SMS mailing thousands of letters as much as hundreds or thousands of the victims. Includes online banking, PayPal and other payment instrument fallen prey to thieves of CAPTCHA. Through the analysis of code thieves statistical, CAPTCHA Bandit activity have on the computer more than a few years ago flooded Online Trojan, peoples ' actual loss caused by code thieves are well in excess of net purchases in the past Trojans. Code grand theft has become the smart phone user of online banking security enemy number one.
"Yards, sweep" is dangerous
Although QR codes on the market becoming more and more common, but many consumers are still not really recognizing what is a QR code. Ms Zhang said later: "I do not understand what is a QR code, didn't expect to sweep the results would be so serious. "Consumers" don't know "provides opportunity for the criminals.
Software professionals who advise consumers: "QR code is simply a bunch of Web sites, very simple to build the release. QR fabrication as well as "zero threshold", simply download a QR code generator software, add related links, you can build a picture of the QR code. Therefore, some people with the program's Web site in the QR code, if consumers are not careful to brush, it is possible to poison. "So experts advise a large number of consumers, before scanning the QR code must be clear about its source, don't see QR codes, scans, it's easy to fall into the trap of lawless elements. In General, regular newspapers, magazines, and posters available on the famous shopping centres of QR code is safe, but on the Web don't know source of QR code requires vigilance.
Security experts say, QR cannot "yards, sweep", is particularly wary of strangers sent to QR codes, for example with a software download, account login page, QR code, shall immediately close the page. If your phone has been scanning suspicious QR, Avira professional security software should be used, so as not to encounter messages leaked even property damage.
Mobile Player is recommended, if you are a "bar code control" should we use professional bar code tools acceded to monitored, swept to a suspicious Web site has security reminders. Using QR codes to install software, after install, it is best to use anti-virus software to scan it again and then turn. Of course, customers can also choose to have the recognition of sweep codec for real-time monitoring, this kind of mobile phone security software has added a detection, swept to a suspicious Web site, would make a security alert.
Consumers face a QR code to increase their awareness, mobile phones and bank cards bound, do not store excessive amounts of money in the bank card, to avoid a chain reaction caused heavy losses. While not seduced by criminals, such as QR offers sweeping policy trap. Governments and relevant departments should also strengthen the QR code the management and regulation of the market. QR code lot of itself to the Government and the relevant departments increasing the difficulty of management, for example, produce low threshold, cannot set limits. With the relevant departments of the Government should quickly conduct research, create effective management programmes to prevent scanning QR codes to the fraud from happening again.
二维码暗藏病毒:见码就扫易破财 - 二维码,二维码病毒 - IT资讯二维码暗藏病毒:见码就扫易破财
“手机扫了一个二维码,开淘宝店的刘先生去银行取钱发现银行卡的余额为0”;“真坑人啊,一扫卖家发的二维码,50多元的话费没了。”近日,类似关于二维码的“诉苦”可谓层出不穷,许多网友在扫描二维码或者接收别人发送的文件安装之后,发现自己的银行卡被消费,受害网民往往损失惨重:不少小偷会将银行卡活期存款洗劫一空。
随着微博、微信、支付宝等应用的普及,二维码已经成为一种比较普遍的信息渠道。消费者将手机镜头对准二维码可以扫描出很多有用的信息,例如:商品的价格、商品的生产地等等。二维码最初的使用与推广为消费者带来了很多便利,但同时也有越来越多的不法分子利用二维码的漏洞行骗。为什么曾经为消费者提供便利的二维码如今会变成陷阱呢?
随便扫码导致金钱损失
据资料显示,二维码是用特定的几何图形按一定规律在平面(二维方向)上分布的黑白相间的图形,是所有信息数据的一把钥匙。在现代商业活动中,可实现的应用十分广泛,如:产品防伪、溯源、广告推送、网站链接、数据下载、商品交易、电子凭证、信息传递共享等等。事实上二维码的发明在最初为消费者提供了很大的便利。消费者通过手机轻轻一扫就可以获得不少商品的信息。
但是,近日有不少网友反映:手机在扫完二维码之后出现了很多意想不到的“状况”。邹先生是一名淘宝卖家,专门经营门窗制作和安装。不久前,一位陌生买家主动与邹先生联系,却不提想买什么商品,而是在聊天消息里发来一个二维码,说“用手机微信扫一下就可以看到想买的门窗详细资料”。据邹先生向360网购先赔中心反馈,他在安装二维码中的软件后,对方以“方便联系”为由索要了他的手机号码,然后借口去吃饭而离开。邹先生本来也没在意,但一个小时后,他忽然发现自己的旺旺账号登不上了,原来是密码已经被人修改,之后再查看支付宝账户,发现不光余额中的3000元被盗,与支付宝绑定的建行卡也被消费了2000元,而他的账户也已被关联到了一个陌生手机号注册的支付宝账户上。
不光是卖家被二维码坑害,买家也会被二维码所迷惑。网友张女士向记者反映:她在网购中看好一款衣服,店主声称扫描了二维码可以获取更多信息。于是她扫描了二维码并按照指示安装了软件,结果等待她的不是更详细的信息而是手机的死机,这时张女士再找店家,店家已经下线了。张女士正是在骗子的指导下扫描了他们事先制作好带有木马病毒的二维码,致使手机瘫痪。
事实上,目前市场上类似张女士这样扫描了二维码后手机出问题的并不是少数现象,相反这只是二维码骗局中最低端的一种,不法分子最终的目标永远都是消费者口袋里的钱。而邹先生的支付账户为什么会离奇被盗?小小二维码又是如何偷钱的?
胡国球摄
二维码暗藏病毒
据了解,受害者资金被盗之前,大多有使用安卓手机扫描二维码,或者使用安卓手机接收、安装不明apk文件的经历。安全专家指出,网银资金的被盗与这些apk文件有直接关系,由于受害者安全意识较差,轻易在自己手机上安装陌生人提供的程序,才会有资金被盗的事件发生。“这些apk文件都是手机病毒,功能非常简单:将受害者手机短信拦截下来,通过短信转发或者电子邮件传输短信内容,短信内容的关键信息是网银或第三方支付网站发送的验证码。”安全专家说,“病毒本身并不能独立完成盗窃网银资金的功能,最核心的威胁是盗取验证码,我们将这类病毒取名为验证码大盗”。分析了近200个验证码大盗,发现有的是直接拦截所有手机短信到病毒作者的手机上,这时,受害者手机将不能收到任何短信。有的验证码大盗对短信内容做了筛选,只拦截内容中含“银行、验证码、支付”等关键字的短信,通过短信转发或邮件发送获得短信内容。这种更加隐蔽,等消费者发现异常时,银行卡余额已被洗劫。
只拿走短信,银行卡里的钱怎么会丢呢?许多人没注意到,手机短信实际成为网银支付、快捷支付的安全基石。网银功能的开通、支付工具的登录和消费,都使用手机短信验证身份,当你的手机被安装了拦截短信的木马,就相当于你的手机此刻在别人手上。而这个拿你手机的人,又通过其他渠道对受害者个人信息了如指掌,就好像一个熟知你一切的人。一个人知道你的一切,又拿走了你的手机,就可以随心所欲支配你的银行卡。
安全专家介绍,编写验证码大盗并不需要高深的技巧,实际上有些验证码大盗病毒作者是十足的菜鸟。在病毒编码中可轻易发现小偷手机号和邮箱账号密码。登录这些用来收集受害人短信的邮箱有了更加惊人的发现:验证码大盗作者收集短信的邮件有数千封之多,受害者成百上千。包括网银、支付宝等多家支付工具沦为验证码大盗的猎物。通过对验证码大盗的分析统计,验证码大盗的活跃程度已经超过几年前在电脑上泛滥的网购木马,验证码大盗对网民造成的实际损失也大大超过以往的网购木马。验证码大盗已成为智能手机用户网银安全的头号敌人。
“见码就扫”很危险
尽管二维码在市场上越来越普遍,但是许多消费者仍没有真正的认识到什么是二维码。张女士在后来也表示:“我在之前不懂什么是二维码,也没有想到扫一下结果会如此严重。”消费者的“不了解”便为不法分子提供了可乘之机。
软件专业人士提醒消费者:“二维码其实就是一串网址,生成发布都很简单。二维码的制作也是“零门槛”的,只要下载一个二维码生成软件,放入相关的链接,就可以生成一张二维码图片。因此,一些人将带有病毒程序的网址放进二维码里,如果消费者不小心刷了,就有可能中毒。”因此专家提醒众多消费者,在扫描二维码之前一定要清楚它的来源,不要见到二维码就扫描,那样很容易掉进不法分子的圈套。一般来说,正规的报纸、杂志以及知名商场的海报上提供的二维码是安全的,但是在网站上发布的不知来源的二维码需要引起警惕。
安全专家表示,二维码不能“见码就扫”,尤其要警惕陌生人发来的二维码,例如带有软件下载、账号登录网页的二维码,应立即关闭页面。如果手机曾经扫描过可疑二维码,应使用专业安全软件进行查杀,以免遭遇短信泄露甚至财产损失。
有手机玩家则建议,如果自己是一个“扫码控”,应该选用专业的加入了监测功能的扫码工具,扫到可疑网址时会有安全提醒。通过二维码来安装的软件,安装好以后,最好先用杀毒软件扫描一遍再打开。当然,消费者们还可以选择具有识别功能的扫码器进行实时监控,这类手机安全软件都已经加入了一个检测功能,扫到可疑网址时,会做出安全提醒。
消费者面对二维码要增强自身防范意识,如果手机和银行卡绑定,不要在银行卡内存储数额过大的资金,避免发生连锁反应造成重大损失。同时也不要受到不法分子的诱惑,例如:扫二维码有优惠政策的圈套。政府及有关部门也应该加强对二维码市场的管理和规范。二维码很多自身的情况为政府及有关部门的管理增加了难度,例如:制作门槛低、无法统一设限等。因此政府更应该快速的与有关部门进行研究,制作出有效的管理方案以防止扫描二维码诈骗案再次发生。
赞