CCTV exposé: 360-certified Trojan image, click it and your Alipay is stolen - Alipay, 360, Trojan - IT News
During this year's Spring Festival Gala, the red-envelope war between Alipay, WeChat and mobile QQ raged on. After a Year of the Monkey Gala red-envelope battle in which Alipay spent more than 200 million yuan, we cannot tell whether it dislodged WeChat's position. But just before the New Year, merchants doing business on Taobao were targeted by a gang of petty thieves, and the deep-pocketed Alipay company ended up taking the blame.
In January 2015, the Ruian Public Security Bureau in Wenzhou received a report. The complainant was none other than Alipay itself, which said that money had been inexplicably transferred out of many merchants' accounts, and Alipay had had to compensate them in advance.
Taobao user Zou Pinlin had more than 4,900 yuan transferred out in under four minutes. Nineteen people in total were robbed the same inexplicable way; the largest single loss was over 30,000 yuan and the smallest just over 700 yuan. The thieves took the money, yet Alipay had to cover the victims' losses. Naturally Alipay was not willing to let it rest, so it set out to trace where the money had gone.
So how was so much money stolen? The victims said they had all received purchase enquiries asking whether they could accept payment according to the requirements shown in a picture. Once they agreed, the other party asked to add them as a QQ friend, and then sent a file over QQ.
Trades on Taobao and Alipay normally follow a standard payment process, so why did this odd buyer take a different route? What was the file he sent? It was nothing more than an utterly ordinary-looking picture, but if you tried to open the picture it would not open, because it was not an image file at all but an executable with the extension EXE, which is what we commonly call a Trojan virus file. It was this Trojan disguised as a picture that stole the money of 19 Taobao shop owners. So where did this Trojan file come from, and what method did it use to steal the shop owners' money?
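One way a recipient's side (a merchant's workstation, a chat gateway, or a mail filter) can tell that a "picture" received over chat is really a picture, as an added example that is not part of the CCTV report: it compares the type implied by the file name with the type implied by the file's leading bytes and flags anything that is actually a Windows executable (the "MZ" header). The file names and byte strings below are constructed for illustration, not taken from the case.

```python
"""Sniff a received attachment by content rather than by name.

Constructed example: a merchant receives a file over chat that is presented as
a product photo.  The check compares the type implied by the file name with the
type implied by the first bytes and flags executables and name/content
mismatches.  Nothing here is taken from the Trojan in the article.
"""
from pathlib import PurePath

# Leading bytes of common image formats and of Windows executables
# (PE files begin with the DOS "MZ" header).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "exe",
}

IMAGE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff_type(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def claimed_type(filename: str) -> str:
    """Return the format implied by the *last* extension of the file name."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    if not suffixes:
        return "unknown"
    last = suffixes[-1]
    if last in EXECUTABLE_EXTENSIONS:
        return "exe"
    return IMAGE_EXTENSIONS.get(last, "unknown")


def assess_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment and list the reasons it is suspicious, if any."""
    claimed = claimed_type(filename)
    actual = sniff_type(data)
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    reasons = []
    if actual == "exe":
        reasons.append("content is a Windows executable (MZ header)")
    if claimed != "unknown" and actual != "unknown" and claimed != actual:
        reasons.append(f"name claims {claimed} but content is {actual}")
    # "photo.jpg.exe": an image extension in front of an executable one.
    # Windows hides known extensions by default, so the user sees "photo.jpg".
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in IMAGE_EXTENSIONS):
        reasons.append("image extension followed by an executable extension")
    return {
        "filename": filename,
        "claimed": claimed,
        "actual": actual,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample inputs (not real files from the case).
SAMPLES = {
    # A genuine PNG: signature followed by the start of an IHDR chunk.
    "product_photo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 16,
    # An executable renamed to look like a picture (last extension hidden by
    # the file manager).
    "product_photo.jpg.exe": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,
    # Executable content under a plain image name: it will not open as an
    # image, which is exactly the symptom the victims describe.
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,
}


def scan_samples() -> dict:
    """Run the check over every constructed sample and return the verdicts."""
    return {name: assess_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{name}: {flag} {verdict['reasons']}")
```

Content sniffing is the part that matters: the file name is entirely under the sender's control, while the leading bytes reflect what the operating system will actually do with the file when it is double-clicked. The same check generalises to any attachment type by extending the `MAGIC` table.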
In the real world a person has only one name. In the online world, however, a person can go by many names, so finding someone online is easier said than done. But even the craftiest leave traces, and through technical investigation the Ruian cyber police eventually identified a suspect named Zhuang Qianri and arrested him.
Once in custody, Zhuang Qianri confessed to sending the Trojan to steal money. So exactly how did he carry out the thefts?
The suspect would find a Taobao merchant and place an order, then, on the pretext of asking whether a particular item was available, send the merchant a Trojan disguised as a photo. When the merchant clicked on the picture, the Trojan was installed on the merchant's computer. The suspect then contacted the merchant again and requested a refund on the grounds that the goods were unsuitable. When the merchant accepted the request and entered the Alipay password, the Trojan's background component automatically recorded it. In this way the suspect easily obtained the merchants' Alipay passwords, and the money in their Alipay accounts was just as easily transferred to the suspect's account.
For the Ruian police, however, things were not so simple; two questions troubled them. First, Zhuang Qianri had only finished primary school and had only a partial understanding of computers. Where did he get the Trojan? Second, most computers have antivirus software installed, which would intercept the Trojan as soon as it was installed. How did the Trojan get past all these barriers?
To answer these two questions, the Ruian cyber police questioned Zhuang Qianri carefully. He told them the secret of how the Trojan managed to deceive Taobao merchants: it would be detected and removed by common antivirus products, with the sole exception of 360 Antivirus, because the Trojan had applied for 360's detection-exemption (免杀) certification. Without it the Trojan could not be used, and no money could be stolen. Zhuang Qianri told the Ruian police that the person who obtained the 360 certification for him was a netizen with the screen name "碎花洋群的优雅". Based on this information, police arrested a suspect named Jiang Yongzhi in Xiamen. He admitted that he had indeed obtained the detection-exemption certification for the Trojan.
Jiang Yongzhi, who had only a junior high school education, was not particularly technical. Why was he able to obtain this certification? According to his statement, his company developed software, and every program it released had to be certified by 360. He simply used his company's favourable position to obtain a certification for Zhuang Qianri and the others, making a little money on the side. How much? One thousand yuan per certification.
With the 360 certification Jiang Yongzhi arranged, the Trojan disguised as a picture could pass unhindered. There would no longer be an interception prompt, let alone the possibility of it being blocked outright. As far as the computer system was concerned, the file was an inspection-exempt product.
Evading detection let the Trojan through unhindered, but where did the Trojan itself come from? Zhuang Qianri told police that the Trojan and its background program came from a netizen with the screen name "dark knight" (黑暗骑士), who rented them to him. Following the clues Zhuang Qianri provided, combined with his chat records with this Dark Knight, the Ruian cyber police soon found the name and address of the person who supplied the Trojan and the background program. Police arrested Lv Baoji from Fuzhou. He admitted that he had developed the Trojan.
As far as the Ruian police were concerned, with Lv Baoji caught the chain of theft using the Trojan and the background program had been traced to its root. What the police did not expect was that Lv Baoji told them that although he had indeed developed the Trojan, the one who first thought of using it to steal money was not Zhuang Qianri but someone else.
Based on the information Lv Baoji provided, the Ruian police soon arrested a suspect in Liaoning with the screen name "too", whose real name was Meng Xianyang. It was Meng Xianyang's arrest that made the whole case clear. Meng Xianyang, who had no regular job, liked playing online games, and while playing he discovered a way to make money.
He joined a QQ group, and once in such a group Meng Xianyang found that the way to make money was to work for its members. What work? Distributing Trojans. Once others made money, they would share some of it with him.
Meng Xianyang was unwilling to work for others and decided to go it alone. He posted online that he wanted to buy a Trojan. Someone soon contacted him and gave him the code to test before paying, but Meng Xianyang kept the code without paying and posted again looking for a knowledgeable person to help him get the code working.
Meng Xianyang's post quickly got a reply. Who from? Lv Baoji. But Lv Baoji could not make sense of the code either, so he agreed to develop a new one for Meng Xianyang.
In Lv Baoji's view, the so-called source code Meng Xianyang provided was outdated and easily recognised by the antivirus feature of the 360 browser; he could make a better one. In this way Meng Xianyang the rookie and Lv Baoji the expert became grasshoppers tied to the same rope. The two reached a verbal agreement: Meng Xianyang would pay 20,000 yuan for Lv Baoji to develop a new Trojan program.
If it had been merely a matter of developing a program, that might have been the end of it for Lv Baoji, but that was not the case. Lv Baoji did not hand the source code over to Meng Xianyang; instead he took a 20% cut of everything Meng Xianyang stole with the Trojan. For every 10,000 yuan Meng Xianyang stole, he had to give Lv Baoji 2,000 yuan, skimmed from the stolen money. This is why the court, in its final judgment, found that Lv Baoji had also committed theft. With the Trojan and the background program, Meng Xianyang could have operated entirely on his own, so why did the police later find that it was Zhuang Qianri doing the actual work? What was the relationship between the two? It turned out that Meng Xianyang did not operate it himself but posted another small advertisement online.
Meng Xianyang's advertisement was very attractive: a part-time job, earning 300 yuan a day while sitting at home. Someone soon applied, and that person was Zhuang Qianri.
The task Meng Xianyang gave Zhuang Qianri was simple: bring in orders. Once Zhuang Qianri succeeded in delivering the Trojan, Meng Xianyang would receive the phished Alipay account information and carry out the transfers. To motivate Zhuang Qianri, Meng Xianyang promised that, in addition to the fixed wage of 300 yuan a day, he would give Zhuang Qianri half of every sum stolen.
Meng Xianyang had spent 20,000 yuan to buy the Trojan from Lv Baoji and had promised him a 20% cut of the stolen money, all because Lv Baoji had vowed that the Trojan he rewrote was up to date and could get past the antivirus checks of the 360 browser. So when Meng Xianyang told Lv Baoji that his Trojan was useless, that it was flagged as a virus as soon as it was installed and the partnership could not continue, Lv Baoji panicked. If the Trojan could not be installed, his share of the money would vanish.
To solve the certification problem, Lv Baoji approached Jiang Yongzhi and promised him 1,000 yuan per certification. With Jiang Yongzhi's help, Zhuang Qianri's attempts to get Taobao merchants to install the Trojan succeeded again and again. At this point four people from all over the country had assembled a seemingly flawless cybercrime operation and thought they could profit without risk. Unexpectedly, within just two months a central figure in the scheme suddenly disappeared. What happened?
Meng Xianyang dealt with Zhuang Qianri and Lv Baoji separately, and Zhuang Qianri and Lv Baoji did not originally know each other. At the end of December 2014, however, Lv Baoji and Zhuang Qianri both found they could no longer reach Meng Xianyang. Through the contact details Meng Xianyang had left on Taobao, Lv Baoji managed to contact Zhuang Qianri, and the two began working together.
Meng Xianyang's disappearance brought Zhuang Qianri, Lv Baoji and Jiang Yongzhi together by accident. So where had Meng Xianyang gone? The answer was astonishing: he had lost seven or eight thousand yuan gambling in one night, was so distressed that his depression flared up, and had been hospitalised.
It was this insatiable greed, pursued by unscrupulous and illegal means, that ultimately put Meng Xianyang, Zhuang Qianri, Lv Baoji and Jiang Yongzhi in the dock. On January 26, 2016, the Ruian People's Court handed down the following verdicts on the four:
Defendant Zhuang Qianri was found guilty of theft and sentenced to three years and three months in prison with a fine of 10,000 yuan, to be paid within ten days of the judgment taking effect. Defendant Lv Baoji was found guilty of theft and sentenced to three years in prison with a fine of 10,000 yuan. Defendant Jiang Yongzhi was found guilty of illegally obtaining computer information system data and sentenced to one year in prison with a fine of 3,000 yuan.
To avoid being harmed by this invisible thief, we remind everyone not to log in to bank card or Alipay accounts involving your own funds on other people's computers. Do not casually open files sent by strangers, and be aware that scanning an unfamiliar QR code can likewise be a way of downloading a virus.