Author Topic: E-GOLD SECURITY WARNING.----Please READ!!!  (Read 3697 times)

admin
E-GOLD SECURITY WARNING.----Please READ!!!
« on: December 18, 2006, 01:16:04 AM »
Rule No. 1: Always use Firefox, especially for surfing!

Internet Explorer is the main reason e-Gold accounts can get hacked. Hackers can get into your system and plant trojans even if your antivirus software is up to date.
A Trojan can activate after you have logged into your egold and use your own computer to bypass every security measure, IP confirmation, password SRK, everything.

The trojan uses an exploit in IE to infect your computer. DO NOT USE INTERNET EXPLORER. I can't stress that enough. Download and use Firefox. Here is a description that I found on how this trojan works:

This Trojan does not employ usual phishing techniques, like logging user keystrokes in textfiles that can be sent to a remote malicious user. Instead, whenever a user tries to access the e-gold account login form via the URL http://e-gold.com/acct/login.html, it opens a hidden duplicate Internet Explorer (IE) window accessing that same URL. It then proceeds to fill up the duplicate Web form, which eventually leads to illegal account access.

The Trojan periodically drains the funds of the compromised account by a certain percentage. The stolen funds are then transferred to another e-gold account. To be able to successfully perform this function, this Trojan uses IE's built-in Object Linking and Embedding (OLE) automation functions. This method is similar to API hooks used by file-infectors. In this case, this Trojan executes certain functions for every change in the URL address that occurs while the user continues to navigate through the following e-gold Web pages:
* e-gold.com/acct/acct.asp
* e-gold.com/acct/balance.asp
* e-gold.com/acct/spend.asp
* e-gold.com/acct/verify.asp
* https://www.e-gold.com/acct/acct.asp
* https://www.e-gold.com/acct/balance.asp
* https://www.e-gold.com/acct/spend.asp

(Note: Object Linking and Embedding (OLE) is a compound document standard that enables a user to create objects with one application and then link or embed them in another application.)
The Trojan runs on Windows 95, 98, ME, NT, 2000, and XP. You all need to check your computers for the file named gdiwxp.dll. This is the most recent variant of the trojan that I could find and was still popping up in late March. If you have this file on your computer, you are infected with the egold trojan and you need to get rid of it immediately. I don't know if the file will show up with a simple file search; it may be hidden. I used Hijack This to look at my registry for the file. You can download Hijack This for free at: www.download.com

This program is mainly used by people so that they can post a registry log in the tech forums and ask for help. Don't remove anything in your registry unless you know what you are doing. Just look for the file containing gdiwxp.dll. If you find the trojan on your computer, you can use Security Task Manager to get rid of it (www.neuber.com). I also noticed that RegRun has this file in their trojan database and can remove it for you (www.greatis.com). Again, DO NOT USE INTERNET EXPLORER!!!!!! One of the symptoms that you are infected with this trojan is that you get the wrong turing number page (at egold) every time you try to log in. On the page you are redirected to, the links at the top of the page will not work.

There are three security recommendations we would like to make to you in case you are not currently doing them.
1. You may want to consider bookmarking the e-gold IP address versus the URL as your e-gold bookmark and only access it via your bookmark. The IP to bookmark is https://209.200.169.10. The reason for doing this is there are viruses such as this one: http://us.mcafee.com/virusInfo that plant fake entries in the host file, which Windows then uses instead of the correct IP address for the site. Using the e-gold IP address versus the URL will bypass this type of Trojan. Also, never access your e-gold account via an email message even if the message appears to come from e-gold.

2. Always use the SRK feature to access your e-gold account; never type it in! You should first change your passphrase using the SRK feature. If your passphrase is changed using the "SRK" feature and the account is only accessed using the "SRK" feature, then your passphrase will be protected even if there is a Trojan virus on your computer. However, this is true only if you are at the correct e-gold site. To ensure you are always at the e-gold site, you may want to click the box next to your account number on the login page that says, "Store my account number on my computer". In the future, when you attempt to log into your account and the account number is not displayed, you should be wary of entering your passphrase because you may be at a fake e-gold site.
a. Log into your account using your current passphrase.
b. Click on the button that says, "account info"
c. Scroll down to passphrase box and click in the box.
d. Click on the button that says SRK
e. A small window will pop up on your screen
f. Enter your new passphrase by clicking on the numbers, letters or symbols in the pop-up window. You will see *** being added to the passphrase box as you use your mouse to click on the numbers, letters or symbols. *See note
g. When ready to confirm your passphrase click on the arrow on the bottom right hand corner of the pop-up window.
h. Confirm new passphrase using the same procedure you followed in item #6.
i. Click update passphrase.
*Note: For upper case letter click on the upper case "ABC", for lower case letters click on the lower case "abc", for numbers click on the "123", for symbols click on the "sym"
3. If you are making a spend via the e-gold shopping cart interface (SCI), always confirm you are at the actual e-gold site.
To verify you are at the actual e-gold site when using the SCI spend page, double click on the gold security lock and verify that the certificate was issued to www.e-gold.com and that the certificate was issued by VeriSign and is valid from 11/22/2004 to 12/1/2006. You can also review the certificate details and make sure the certificate serial number is: F84F 522C E958 A443 5A37 8934 6D77 2D70 096C 6A82.

4. One more rule to remember when using E-gold - NEVER USE A PROXY
Never use a proxy server (unless you are using your own TOR server, etc.) to access your E-Gold account. Any proxy can easily parse out username and password information because all data you send or receive is transmitted through the proxy. AND, your last IP registered with E-Gold will be the proxy's IP address, which means an Acc-Sent pin would not be sent if somebody tried to login to your account through the same proxy.

                                                    Original author--- C4G member leigh05 and C4G-Dave
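
A check for the hosts-file tampering described in recommendation 1, as an added example that is not part of the original post: it parses hosts-file text and reports every active entry that forces a watched e-gold hostname to a fixed address. The function names and the sample file contents are constructed for illustration (the addresses are from the reserved documentation ranges).

```python
import ipaddress

# Hostnames to watch; taken from the URLs quoted in the post above.
WATCHED = {"e-gold.com", "www.e-gold.com"}

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments are inactive
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        # Hostnames are case-insensitive; a trailing dot is equivalent.
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, watched=WATCHED):
    """True for a watched name or any subdomain of one (not look-alikes)."""
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return [(line_no, ip, host)] for entries overriding a watched name."""
    return [(line_no, str(ip), host)
            for line_no, ip, hosts in parse_hosts(text)
            for host in hosts if is_watched(host, watched)]

# Constructed sample, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.66      WWW.E-GOLD.COM e-gold.com   # constructed hijack entry
198.51.100.7    example.org                 # unrelated mapping
#192.0.2.99     www.e-gold.com              (commented out, inactive)
192.0.2.66      note-gold.com
"""

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is forced to {ip}")
```

On Windows NT, 2000 and XP the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for a site you log into deserves investigation, since a clean system normally has no such entry.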

sarsons
Re: E-GOLD SECURITY WARNING.----Please READ!!!
« Reply #1 on: December 18, 2006, 01:21:05 PM »
Is this true using IE7.0 ??

I use FF but also use IE 7.0 (not for egold lol)

Also I'm slightly concerned that someone gives us an address to use when logging in.... the IP one.

How do we know that this isn't a fake site which looks like the egold login site?

We don't, so I wouldn't use that address supplied to login, I'm afraid.

I do not know these authors so cannot trust them so can't use their link. Who knows where it actually leads?
« Last Edit: December 18, 2006, 01:23:31 PM by sarsons »

aliceyaya
Re: E-GOLD SECURITY WARNING.----Please READ!!!
« Reply #2 on: December 18, 2006, 02:05:44 PM »
Thank you for your good post to share in case we would get the virus without knowing it.
« Last Edit: December 20, 2006, 12:37:55 PM by aliceyaya »

admin
Re: E-GOLD SECURITY WARNING.----Please READ!!!
« Reply #3 on: December 19, 2006, 06:02:07 AM »
Quote
Is this true using IE7.0 ??

I use FF but also use IE 7.0 (not for egold lol)

Also I'm slightly concerned that someone gives us an address to use when logging in.... the IP one.

How do we know that this isn't a fake site which looks like the egold login site?

We don't, so I wouldn't use that address supplied to login, I'm afraid.

I do not know these authors so cannot trust them so can't use their link. Who knows where it actually leads?


sarsons, I know the authors, don't worry, the link in this thread is safe.
Quote
How do we know that this isn't a fake site which looks like the egold login site?

Only recognize E-gold.com, it's enough.

sarsons
Re: E-GOLD SECURITY WARNING.----Please READ!!!
« Reply #4 on: December 19, 2006, 11:45:20 AM »
Ok, thanks

sharapovamat
Re: E-GOLD SECURITY WARNING.----Please READ!!!
« Reply #5 on: December 21, 2006, 05:14:04 PM »
Thanks for sharing.