Trojan Horse is rampant: NET silver thieves began to attack digital certificate

Yesterday, China Financial Certification Center (CFCA) deputy general manager Caoxiaoqing revealed that, according to the CFCA of the latest monitoring found that the net silver thieves to the net silver attack means, technology has accelerated the trend of updating, has been from the attack password to attack digital certificates. NET silver users if only download the digital certificate stored in the computer's IE browser, then its net bank account still exists risk ——— digital certificate may be stolen by computer infected with Trojan virus.

CFCA monitoring found that the current online banking transactions are facing two main security risks: One is the premise of not applying for a digital certificate, the net Silver user password is stolen, resulting in the theft of funds; another is that, although the application of digital certificates, but due to the lack of proper custody, the net silver theft Trojan virus to breach the computer containing digital certificates , which in turn resulted in the theft of funds.

Caoxiaoqing revealed that in order to enhance the security of net silver, the regulator will require banks to ban electronic banking "username + password" Network silver trading, because in this mode, if the net silver users do not apply for a digital certificate, its network silver password is easy to phishing, fake web sites, scams and other ways to cheat messages. For example, he said, recently cracked a network of silver theft cases, criminals with 80 common password, unexpectedly "guess" on tens of thousands of accounts.

However, even if the net silver users apply for a digital certificate, but will download it on the computer IE browser (referred to as "soft certificate"), there are still risks ——— certificate by Trojan virus decipher.

It is understood that so far, the field of silver has not yet appeared a case of digital certificate security mechanism was breached and the user funds damaged cases. At present, some of the new cases of net bank embezzlement are not the digital certificate mechanism itself is not safe, but the user in the custody and use of digital certificates in the process of problems.

"Keeping digital certificates is critical. "Caoxiaoqing suggested that the current more scientific, the safest way is to download the digital certificate in Usbkey (like U disk, the industry called" Hard Certificate "), digital certificates only packaged inside and be carried by users, Trojan virus will be helpless.

CFCA suggested that the safekeeping of digital certificates must do the following three: first of all, it is necessary to put the digital certificate in the Usbkey, the transaction, inserted in the computer USB interface, after the transaction is completed in a timely manner to ensure the safekeeping of the certificate, if the Usbkey of digital certificates are damaged, lost, to timely