
Society News 067 ~ Hackers Now Plant Trojan Programs via Mobile Phone SMS / Computer Financial Malware is Now on Smartphones Too

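CyberSecurity Malaysia says hackers are spreading rumors through mobile SMS and social-network messages, asking everyone to stop using Maybank2u and CIMB Clicks. Their aim is to plant a Trojan program on users' smartphones or computers. Anyone who carelessly clicks the link will leak their mobile phone number, banking details and so on, so everyone should stay alert.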

In any case, CyberSecurity Malaysia stresses that the Internet banking systems of these 2 banks are still safe.

Kuala Lumpur, 25 September 2014 – The national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI) issued an alert to inform Maybank2U and CIMB Clicks users who use Internet Banking.

The Malaysian cyber security agency (MOSTI) issued a notice: Maybank2u and CIMB Clicks users should be on alert.

“The cyber attackers are using the Zeus Malware Family to infect computers and subsequently trick the users to collect their mobile phone numbers. The attacker will then send an SMS that has a link to download the malware and install it in the mobile phone. However, Zeus Trojan is a known banker malware that infects computers with the purpose of stealing banking credentials from victims,” said Dr. Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia.

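“Hackers are now using the Zeus Trojan, also referred to as rogue software (malware), to attack users and obtain their mobile phone numbers. The hackers then send an SMS; once these seemingly harmless messages are opened, the program lurks on the computer or mobile phone, easily stealing users' bank account passwords or mobile phone codes and taking the opportunity to transfer the cash in the account to the syndicate's account,” said Dr. Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia.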

“We are not asking users to stop using Maybank2U and CIMB Clicks. Maybank2U and CIMB Clicks are still safe. People should continue to do Internet Banking on their computers as well as their Android smartphones. But they need to be aware of this threat, and take certain precautions. We have published an advisory on our technical website and social media.” he added.

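CyberSecurity Malaysia stresses that the Internet banking systems of these 2 banks are still safe. People can continue to use their smartphones for banking, but they must be more careful and watchful so as not to fall into a trap.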

“Please disregard the viral SMS or social media messages that are currently spreading, which are requesting users not to use Maybank2U and CIMBclicks. The message is misleading and not true. Please do not believe and forward viral SMS/social media messages that contain misleading information of bank services. Contact CyberSecurity Malaysia via email to cyber999@cybersecurity.my to verify such information or to seek our assistance.” Dr. Amirudin advises Internet Users.

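“A piece of false information is circulating on social media and the Internet, reminding users not to use Maybank2U and CIMBclicks. This is in fact wrong and untrue; please do not keep forwarding the rumor. To confirm whether such news is true, you can verify it with us by email at cyber999@cybersecurity.my,” said Dr. Amirudin.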

The guidelines and best practices below are included in the advisory released by CyberSecurity Malaysia earlier.

For users of personal computers or laptops:

i. Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update regularly.

ii. Perform regular scans of your systems for malware and other risks.

iii. Operating system providers such as Microsoft periodically release updates and patches that improve the security of your operating system. You should periodically check for these updates and keep your system current or configure it to do so automatically.

iv. When accessing online banking, make sure there is no pop-up/window that requires personal info such as credit card number, smartphone platform (Android/iOS) etc. Do not enter that information if requested by the pop-up.

v. Use only a dedicated computer or laptop to do online banking.

vi. If you suspect your bank account has been compromised or spot any activity you have not authorized, please notify your banking provider immediately.

vii. Please ensure you logout properly at the end of each session by clicking log-out button. Do not exit by simply closing the browser window.

viii. If you come across anything suspicious when you do banking online such as unusual web pages asking for banking information, notify your bank provider immediately.

ix. Never respond to any email/advertisements requesting you to provide your login details or login via a link sent in an email/applications. The bank will never send you a mail or provide links in any applications like that, and such a request is likely to be a phishing attempt.

To prevent phishing incidents involving banks / financial institutions, we would like to advise Internet users to install anti-phishing browser add-ons such as “DontPhishMe”, which can help alert users, prevent them from visiting phishing websites, and prevent them from disclosing their credentials on those websites.

Note: Users can download “DontPhishMe” from MyCERT website.

For Smartphone Users:

Verify an app’s permission and the app’s author or publisher before installing it.

Do not click on adware or suspicious URLs sent through SMS/messaging services. A malicious program could be attached to collect the user’s information.

Since a URL appears differently on a mobile site than in a desktop browser, make sure to verify it first.

Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.

Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user’s smartphone/tablet.

Update the operating system and applications on your smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in outdated versions.

Do not root or otherwise ‘Jailbreak’ your phone; avoid side loading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it is coming from a reputable source.

We would like to advise Internet users to report any cyber security incidents to CyberSecurity Malaysia’s Cyber999 Help Centre through various channels as follows:

Email: cyber999@cybersecurity.my

Call 1-300-88-2999 (during office hour) or +6019-2665850 (24 hours)

SMS: Type , and send to 15888

Fax: +603 – 8945 3442

Online reporting:

Go to www.mycert.org.my

or www.cybersecurity.my

or www.cybersafe.my

or http://www.mycert.org.my/report_incidents/online_form.html

*CyberSecurity Malaysia issued advisory and guidelines to ensure continued safe use of Maybank2u and CIMB Clicks


