CCTV exposed 315 way way push business black chain: malicious programs clearly calls for sale-315, CCTV 315-IT news

IT news CCTV 315 evening once again exposure Internet dark industry chain of related enterprises, journalists to push road way advertising company business, for example, reveals mobile application plugins advertising business of hidden charges.

Recently, the State Internet contingency Center found that a large number of cell phone users are inexplicable phenomena. After analysis, technicians found that have appeared on this is because mobile phones contain a malicious program advertising popups. Data for these ads came from a domain called DDAPP.CN, registration of this domain name is the way technology companies. Journalists at the company found that the malicious program has clearly sold here, will let you unknowingly jumped into "paid ads" trick ...

Is to report the details of the following:

Lo who lives in Changsha, Hunan, recently found that his mobile phone was not normal. He calls list and found nearly half a year, from November 2015, a sum of 15 more MMS monthly fee. Not only that, but in February 2016, call list and a 10 Yuan in mobile application stores information. He queries the Unicom on phone calls, unexpectedly, in January 2016, value added service fee up to 51.7.

Lo: "I will not use, why there is this stuff? ”

Luo recalled on the phone occasionally pops up enticing girls pictures, wanted to close the picture, just click on the OK button.

Then the value appearing in the phone business is not with these pop-up images do?

State Internet contingency Center security team leader told reporters that in their daily monitoring, also found that a large number of cell phone users are inexplicable phenomena.

This is a specialized application designed for buying train tickets, the reporter noted, in the course of using the software, will pop up a prompt box, lined with some similar to the application icon above, technician click on icons of beauty video, mobile phone installation interface appears immediately.

Soon after the installation is complete, a product description dialog box pops up on the screen, but there is an OK button, a technician told reporters, and you have to be careful, because this pop a catch. Was sprinkled with small, hidden phrase: this product information charge 10 yuan per month. When you click OK, the dialog box disappears. Subsequently, the calls list shows that this operation was actually a custom value added operating costs 20 Yuan.

According to the Ministry's request, user applications for custom classes, monthly subscription class mobile information services business, must be user "secondary confirmation", however, journalists puzzled is that throughout the testing process, the phone but did not receive any confirmation SMS alerts and notifications.

So why in a quick covert charges of malicious software hidden in some programs? After analysis, technicians found a plugin is built into the software, precisely because it only makes the phone appeared on the containing the malicious program advertising popups.

National emergency response Center Engineer He Nengqiang the Internet: "we found that these advertising data from a domain called DDAPP.CN, registration of this domain name is the way technology companies. ”

On the official website, way way technology claims to be the largest private media Internet marketing service provider, dedicated to provide customers with mobile Internet technology and advertising services.

QQ online customer service chat also admits that, with this plugin, they do for some meant to be sexual charge software promotion.

Beijing Jian Xiang road way of the building company, the reporter saw a client department director Chen. When a reporter asked for through plug-in extension fees application, Chen immediately gave the requirements and standards of the company.

Road way technology co Chen Qin: "we need you monthly on demand all charges prompted clear user confirmed, rates prompts need to be placed above or below at the confirmation prompt, very close to clear this is 1 block 2. ”

But the reporter noted that the road way companies pushed to the app on the phone screen, tips on charges not only is far from OK button, even if you want to find these important tips will not be easy, why is that?

Road way technology co Chen Qin: "If a little fuzzy or (package) large price are not the same but some are in pursuit of high profits and high return, although it cost is high, but it charges prompted a little fuzzy, but he thought it'd be worth, there is 1 block 5. ”

It seems that if you pay more, way way companies can relax the requirements, allowing the deduction program put the charges prompted large chunks of text or inconspicuous location, the so-called "fuzzy" processing, so that users cannot easily be found.

Apart from charge tips, deductions were to be achieved it will be "the second confirmed" this off, what should you do?

Road way technology co Chen Qin: "If you have the second confirmation, we advise you not to do. Your income is not so high, you have earned your costs do not come back. ”

Then these applications is how to hide the user quietly charged it?

Technical staff analysis found that the operator's notification and confirmation messages are malicious programs secretly blocked!

Not only that, these deductions program also secretly through the background for users to reply to a confirmation message.

National Emergency Center Ding Li, Deputy Director of the Department of the Internet: "We also found through detection, through youdao plug-in promotion charge procedure at least dozens of, these programs can block confirmation feedback message, permission for users to send a confirmation text message, according to the Ministry's definition of malicious programs, these programs are unauthorized calls the user's billing systems, which belongs to the malicious program. ”

Reporters also noted that triggered charges like these buttons is also varied, some are "I know", either to confirm the 18-year-olds, while others want to close the program is also difficult, users can click OK.

央视315曝道有道推送业务黑链：吸话费的恶意程序明码出售 - 315,央视315 - IT资讯

IT资讯讯 央视315晚会再次曝光互联网相关企业的黑色产业链，记者以道有道广告推广公司的推送业务为例，揭示了手机应用插件广告暗藏扣费业务的现象。

就近日，国家互联网应急中心发现了大量手机用户被莫名扣费的现象。经过分析，技术人员发现，这是因为手机上出现了包含了恶意扣费程序的广告弹窗。而这些广告的数据都来自于一个叫DDAPP.CN的域名，这个域名就是道有道科技公司注册的。记者在该公司发现，这里的恶意程序竟然明码标价出售，会让你在不知不觉中跳进“付费广告”的圈套…

以下是报道详情：

家住湖南长沙的罗先生最近发现自己的手机话费有点不正常。他查询了近半年的话费详单后发现，从2015年11月起，每月多出了一笔15元的彩信费用。不仅如此，2016年2月份，话费详单中又多了一笔10元钱的移动应用商场信息费。他又查询了这部手机上的联通话费，没想到，在2016年1月份，增值业务费高达51.7元。

罗先生：“我本人不会使用，为什么会有这个东西呢？”

罗先生回忆说，在手机上偶尔会弹出充满诱惑的美女图片，想要关闭这些图片，只能点击上面的确定按钮。

那么话费里出现的增值业务是不是和这些弹出的图片有关系呢？

国家互联网应急中心移动网络安全小组负责人告诉记者，他们在日常监察中，也发现了大量手机用户被莫名扣费的现象。

这是一款专门为抢购火车票而设计的应用程序，记者注意到，在使用这个软件的过程中，会弹出提示框，上面排列着一些与应用程序类似的图标，技术人员点击美女视频的图标，手机立即出现了一个安装界面。

很快，安装完成后，屏幕上弹出了一个产品说明对话框，下面还有一个确定按钮，技术人员告诉记者，这时候要格外小心了，因为这个弹窗暗藏玄机。果然在密密麻麻的小字里，隐藏着这样一句话：本产品信息费10元每月。点击确定后，对话框消失。随后，话费详单显示，这次操作实际上被定制了20元的增值业务费。

按照工信部的要求，用户申请订制包月类、订阅类移动信息服务业务时，必须经过用户“二次确认”，可是，让记者感到不解的是，在整个测试过程中，手机上却没有收到任何让用户确认的短信提醒和通知。

那么，为什么在一个抢票软件中隐藏着一些暗中扣费的恶意程序呢？经过分析，技术人员发现，在这款软件中内置了一个插件，正是因为它，才使手机上出现了包含了恶意扣费程序的广告弹窗。

国家互联网应急中心 运行部 高级工程师 何能强：“我们发现这些广告的数据都来自于一个叫DDAPP.CN的域名，这个域名就是道有道科技公司注册的。”

在官方网站上，道有道科技有限公司自称是目前最大的自有媒体互联网移动营销服务商，专注向客户提供移动互联网技术及广告服务。

官网上的QQ客服在聊天中也承认，借助这个插件，他们的确为一些带有色情意味的扣费软件做推广。

在北京市健翔大厦的道有道公司，记者见到了客户部总监陈女士。当记者提出想要通过插件推广收费应用程序时，陈女士马上给出了公司的要求和收费标准。

道有道科技有限公司陈勤：“我们不管你包月点播所有资费提示需要清楚，用户点确认之前，资费提示需要放在确认提示的上面或者下面，很近，比较清楚这样是1块2。”

可是记者注意到，道有道公司推送到手机屏幕上的收费程序，对资费的提示不仅离着确定按钮很远，甚至要想找到这句重要的提示也并非易事，这是为什么呢？

道有道科技有限公司陈勤：“如果稍微模糊点或者（安装包）大一点的价格都不一样但是有的是为了追求高利润、高回报，虽然它成本也高，但是它资费提示模糊一点，但是他觉得还值，也有1块5买的。”

看来，只要肯多交钱，道有道公司就可以放宽要求，允许扣费程序把资费提示放在大段的文字当中或者不起眼的位置，进行所谓“模糊”处理，让用户不能轻易发现。

除了资费提示，要想实现扣费还要过“二次确认”这一关，这该怎么办呢？

道有道科技有限公司陈勤：“你如果有二次确认的，我们都建议你不要做。你的收益没有那么高，可能你连成本都挣不回来。”

那么这些收费应用程序又是如何瞒过用户悄悄扣费的呢？

技术人员通过分析后发现，原来运营商的通知和确认短信都被恶意扣费程序暗中屏蔽了！

不仅如此，这些扣费程序还通过后台偷偷地替用户回复了一条确认短信。

国家互联网应急中心 运行部副主任 丁丽：“我们通过检测还发现，通过道有道插件推广的扣费程序至少还有几十款，这些程序会拦截反馈的确认短信，擅自替用户发送确认短信，根据工信部关于恶意程序的定义，这些程序属于擅自调用用户的付费系统，属于恶意程序。”

记者还注意到，这些触发收费的按钮也是五花八门，有的是“我知道了”，有的是对年满18岁进行确认，而有的想关闭程序也很困难，用户只能点击确定。