A Brief Analysis of Online Shopping Security
Abstract: Through a detailed analysis of cases in which online shoppers were robbed, this paper points out that the two technical means of online shopping theft are the delivery of online shopping Trojans and the construction of phishing websites, and analyses the fraud techniques involved. It then proposes measures for avoiding such theft: raising the security of online trading platforms, raising the security awareness of online shoppers, and learning safe online shopping practices.
Keywords: online shopping; Trojan horse; phishing website; online payment; transaction security
1. Introduction
Inexpensive, good-quality goods and the convenience of shopping online have won over a large body of Internet users, and the online shopping market has grown rapidly as a result. According to statistics from the China Internet Network Information Center (CNNIC), by the end of June 2012 the number of Internet users in China had reached 538 million, online shopping users 210 million, online banking and online payment users [figure missing] and 187 million respectively, and group-buying users 61.81 million. The transaction volume of China's online shopping market has doubled for four consecutive years, reaching 784.9 billion yuan by the end of 2011, and this growth momentum will continue this year [1].
As the user base for online shopping and online payment keeps growing, criminal groups have moved in as well and reached into the online shopping domain. They keep changing the technical means by which they defraud and rob online shoppers, seriously harming the interests of Internet users. According to statistics from the Kingsoft Cloud Security Center, in the first half of this year both the number of newly discovered phishing websites and the number of blocked visits to them grew roughly tenfold over the same period last year; phishing sites were blocked 15 to 20 times as often as viruses and Trojans triggered alerts, and close to 8% of Internet users had been robbed while shopping online. Over the year ending in June, more than 60 million Internet users nationwide lost over 30 billion yuan to online fraud [2]. The online shopping security situation is serious.
2. Security Threats to Online Shopping
Internet users have been robbed in all sorts of ways while shopping online, but from a technical point of view there are two main means of online shopping theft: delivering online shopping Trojans and building phishing websites. About 70% of online shopping thefts are carried out by deceiving victims with phishing websites, and about 30% by Trojans that take the money directly. Online shopping theft currently shows three characteristics: first, Trojans and phishing websites are updated faster and faster, and traditional security software cannot keep up; second, Trojan samples are made ever larger in an attempt to bypass the cloud-based technology of antivirus software; third, the whole operation is carried out faster and faster.
Online shopping Trojans
The online shopping Trojan is a type of fraud Trojan that has appeared in recent years. The dominant variety, the transaction-hijacking Trojan, commits theft while the "merchant" is chatting with the shopper by sending the buyer a file under some pretext. Typically the scammer poses as the "seller" and sends the buyer a file containing the Trojan, disguised as something like a "detail photo"; once run, the program silently redirects payment links to a third-party payment account of the scammer's choosing. Once infected, every purchase the victim makes is hijacked by the Trojan to that account. The scammer will also, on the pretext that the order was "stuck" or that Alipay is "under maintenance", get the victim to pay for the same order over and over, achieving the theft.
Online shopping Trojans spread through a single channel: so far they have been found to propagate only through chat tools such as QQ and Taobao Wangwang, and have not been seen bundled with other Trojans, so the volume of distribution is relatively stable. Monitoring data from the Kingsoft Network Cloud Security Center show that in the first half of 2012, online shopping Trojans were sent via QQ or Taobao Wangwang thousands of times a day. Although the absolute number of Trojans distributed is not large, scammers usually attack their targets one to one, so victims are very easily taken in. If the antivirus software on the victim's computer does not block it in time, the success rate of online shopping Trojan fraud approaches 100%.
Modus operandi of online shopping Trojans
1) Account theft
Account-stealing Trojans hide mainly in web pages, pictures and other files. When the victim opens the page or opens a file sent by the "seller", the Trojan steals the user's Taobao ID, Alipay ID, QQ number, and bank card or credit card details, and then waits for an opportunity to steal the user's assets.
2) Transaction hijacking
This was the first type of online shopping Trojan to be discovered. It is generally about 30 MB in size, uses a picture or Office icon as camouflage, and accounts for about 20% of all online shopping Trojans. It needs no other files: it performs every step itself. A file named something like "product photo" is sent to the buyer over Taobao Wangwang or QQ, and opening it runs the Trojan directly.
3) The "archive bomb"
The "archive bomb" is a recently discovered new form of online shopping Trojan that uses two methods to evade antivirus detection. First, it inflates its size from the tens of megabytes of earlier online shopping Trojans to over a hundred megabytes, with some files reaching around 400 MB; the larger file size greatly degrades the detection results of traditional antivirus software. Second, the malware authors pack the malware in multiple nested layers using rare compression formats.
After the last layer of packing, this kind of Trojan is renamed to something that will entice the buyer to click, such as "product photo", and the victim is left to unpack and run it. Trojans of this kind account for about 45% of online shopping Trojans.
4) Using legitimate software as cover
The strategy of this kind of Trojan is to attach itself to a legitimate, digitally signed application (such as HaoZip) and have the legitimate program run the Trojan indirectly, evading interception by antivirus software. When distributed, the Trojan names its malicious DLL file HaoZip.dll and packs it together with the legitimate HaoZip program (the .exe file). When the recipient runs the HaoZip .exe, it automatically loads HaoZip.dll, and this DLL is the online shopping Trojan itself. To trick users into clicking, the malware authors name the HaoZip .exe something like "product photo" or "HD photo". Trojans of this kind account for about 30% of online shopping Trojans.
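As an added defender-side example (not part of the paper), the following Python routine turns the three disguises described in this section into triage checks for a file received over chat: a Windows executable behind a picture/document name or a double extension, unusually deep archive nesting, and an .exe shipped beside a same-named .dll. The allowed extension list, the MAX_NESTING threshold and the sample archive (stub "MZ" bytes standing in for real programs) are constructed for illustration.

```python
import io
import zipfile

# Extensions a buyer expects for a "product photo" or document sent in chat.
PICTURE_OR_DOC_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "doc", "docx", "xls", "xlsx", "pdf"}
MAX_NESTING = 2  # assumed threshold: deeper packing is treated as evasive

def triage_attachment(name, data, depth=0):
    """Return warnings for one attachment, recursing into zip members."""
    findings = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if data[:2] == b"MZ" and ext not in ("exe", "dll"):  # 'MZ' = Windows PE header
        findings.append(f"{name}: named like a picture/document but is a Windows executable")
    if ext == "exe" and any(p in PICTURE_OR_DOC_EXTS for p in parts[1:-1]):
        findings.append(f"{name}: double extension hides an .exe behind a picture/document name")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth + 1 > MAX_NESTING:
            findings.append(f"{name}: archive nested {depth + 1} layers deep (archive-bomb style packing)")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = {m.filename: zf.read(m) for m in zf.infolist() if not m.is_dir()}
        by_stem = {}  # a same-named .exe/.dll pair is the side-loading layout described above
        for member in members:
            stem, _, mext = member.lower().rpartition(".")
            by_stem.setdefault(stem, set()).add(mext)
        for stem, exts in by_stem.items():
            if {"exe", "dll"} <= exts:
                findings.append(f"{name}: {stem}.exe shipped with {stem}.dll (possible DLL side-loading)")
        for member, content in members.items():
            findings.extend(triage_attachment(member, content, depth + 1))
    return findings

def build_sample():
    """Constructed sample: exe/dll pair plus a double-extension file, wrapped in three zip layers."""
    stub = b"MZ" + b"\0" * 62  # stand-in bytes carrying only the PE magic, not a real program
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("HaoZip.exe", stub)  # stands in for the legitimate signed .exe
        zf.writestr("HaoZip.dll", stub)  # stands in for the planted Trojan DLL
        zf.writestr("product-photo.jpg.exe", stub)
    data = inner.getvalue()
    for wrapper in ("layer2.zip", "layer1.zip"):
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as zf:
            zf.writestr(wrapper, data)
        data = outer.getvalue()
    return "product-photo.zip", data
```

Running `triage_attachment(*build_sample())` yields three warnings: the third nesting layer, the HaoZip.exe/HaoZip.dll pair, and the double-extension file.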
Phishing websites
A phishing website is a "knock-off" of a legitimate website: a fake site in which criminals use various means to imitate the URL and page content of the real site, or exploit vulnerabilities in the real site's server software to insert malicious HTML code into some of its pages. Once a user mistakenly logs in to a phishing site, private data such as bank card or credit card numbers and passwords are stolen. Because phishing sites look almost exactly like legitimate ones and are hard to tell apart, they are highly deceptive and are the main factor in online shopping security threats.
Phishing websites have appeared frequently around the world recently, seriously hampering the development of online financial services and e-commerce, harming the public interest and undermining users' confidence in the Internet. According to monitoring statistics from the Kingsoft Network Cloud Security Center, about 45% of all phishing websites are related to online shopping. Of these, fake Taobao shops account for about 32%, shopping fraud carried out after a QQ friend's account has been stolen 5%, fake online-game trading platforms 3%, fake pharmacies 1%, fake travel agencies and ticket sellers 1%, and fake group-buying websites 1% [3].
Fraud techniques of phishing websites
Phishing websites are promoted in many ways: scammers post links to them on Baidu Zhidao, Baidu Tieba and social networking sites (microblogs, Kaixin, Renren and so on). When a user searches for information about a product, they may land on a phishing site deliberately set up by the scammer. The theft that follows mostly makes use of chat tools such as QQ and Taobao Wangwang, as well as e-mail, text messages, forums and blogs, microblogs and online-game chat channels. Common techniques are as follows [4]:
1) Slipping a phishing link into a shopping chat
Many online shoppers chat with the seller over QQ or Wangwang and receive all kinds of links from the seller, and phishing links are mixed in among them. The pages usually imitate shopping-related sites such as Taobao, Paipai, Alipay and Tenpay, guiding the consumer to pay on the counterfeit page and thus carrying out the theft.
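The following Python check, added here and not from the paper, applies the point above: it judges whether a link received in a shopping chat really leads to an official domain or merely carries the brand name in a subdomain, in user-info before "@", in the path, or behind a raw IP address. The OFFICIAL_DOMAINS allowlist and the sample links (reserved .example hosts and a TEST-NET address) are assumptions constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Registrable domains the buyer actually intends to pay on. Assumed allowlist for
# this example; a real deployment would maintain the full list of official domains.
OFFICIAL_DOMAINS = ("taobao.com", "alipay.com")

def classify_link(url):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "link has no hostname"
    if parts.username is not None:
        # http://www.taobao.com@evil/ : the brand sits in user-info, the real host follows '@'
        return "suspicious", f"text before '@' hides the real host {host}"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "raw IP address instead of a brand domain"
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode hostname that may imitate an ASCII brand name"
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "ok", f"host is under the official domain {domain}"
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            # e.g. www.taobao.com.pay-check.example: the real registrable domain is at the end
            return "suspicious", f"'{brand}' appears in {host} but the registrable domain is not {domain}"
        if brand in (parts.path + "?" + parts.query).lower():
            return "suspicious", f"'{brand}' appears only in the path of {host}"
    return "unknown", f"{host} is not a known shopping or payment domain"

# Constructed sample links using reserved .example hosts and a TEST-NET address.
SAMPLE_LINKS = [
    "https://www.taobao.com/item.htm?id=1",
    "http://www.taobao.com.pay-check.example/login",
    "http://www.taobao.com@pay-check.example/",
    "http://192.0.2.10/alipay/",
    "http://shop.example/www.alipay.com/login",
    "http://news.example/",
]

def triage_links(urls):
    """Return the suspicious links with their reasons, keeping input order."""
    return [(u, r) for u in urls for v, r in [classify_link(u)] if v == "suspicious"]
```

`triage_links(SAMPLE_LINKS)` flags four of the six constructed links; only the genuine taobao.com link is accepted and the unrelated news site is left as unknown.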
2) Combined fraud via the Internet, text messages and phone calls
Airlines, hospitals, banks and similar institutions all have their own official websites so that people can handle certain business themselves, and corresponding phishing sites have sprung up in turn. The scammer first sends a mass text message claiming that a transaction has occurred on the user's account and suggesting that the user visit the relevant website to deal with it. If the user believes