Today, I received an email from EG Passphrase,
yC0sJ6h3_passphrase@e-gold.com which I forwarded
to E-Gold for investigation. After the quoted email
that I received today from EG Passphrase, yC0sJ6h3_passphrase@e-gold.com
I have posted some Security Tips, Courtesy of Dad n Daves! Quoted Email From EGold PassPhrase You did not provide an e-gold account number in your previous e-mail
request. If you are still having trouble accessing your account, please
reply with your 6-7 digit e-gold account number. If you have forgotte
your account number, please reply with the following information you
used to open the account:
Name: Phone number: Postal address: e-mail address:
We will notify you of the account number once we have located
the account that matches the information you provide.
thank you,
e-gold Passphrase4
-----Original Message-----
From: bounce-e-gold-passphrase-511052@talk.e-gold.com
[mailto:bounce-e-gold-passphrase-511052@talk.e-gold.com]
On Behalf Of
My Email Address Sent: Friday, April 14, 2006 1:18 AM
To: e-gold passphrase Subject: [e-gold-passphrase] I can't get into my account, ap ... [PR:FUCAZXYR] Submitter IP: XX.XXX.XXX.XXX CATEGORY: PASSPHRASE
Customer Name:
My full name Email:
Phone:
ALMOST my home phone number fax: e-gold Batch:
e-gold Account: Question: I can't get into my account, a pin number wasn't
sent to me.
End Of Quoted Email These Security Tips are Courtesy of Dad n Daves HELPFUL HINTS:
IF, after entering your PIN to login to your e-gold account
number you are taken to yet another PIN screen - DO NOT enter.
Just close the browser window. This is a common sign of your
computer being infected with a very nasty thing called goldun.exe
People at the following support forum have got a solution
to help you get rid of the problem from your computer:
Tech Support Forum .
Just post in there describing your problem and they will
get back to you in no time. I have successfully used their
instructions to rescue a friend's computer AND their egold account.
Regards Trish @ dadndaves
Thanks to one of our members - here's some very interesting
(and useful!) information on e-gold hacks and how to protect yourself.
Get the word out and for heaven's sake, use firefox especially for surfing!
I've been doing some research on the egold trojan and how accounts are getting hacked. The scary part is that from what I read, most anti-virus/spyware
programs are not going to catch it because it is not in their databases yet.
Not only that, this trojan does not activate until after you have logged into
your egold and it uses your own computer to bypass every security measure, IP confirmation, password SRK, everything.
The trojan uses an exploit in IE to infect your computer.
DO NOT USE INTERNET EXPLORER. I can't stress that enough.
Download and use Firefox. Here is a description that I found
on how this trojan works:
This Trojan does not employ usual phishing techniques,
like logging user keystrokes in text files that can be
sent to a remote malicious user. Instead, whenever a user
tries to access the e-gold account login form via the URL
http://e-gold.com/acct/login.html, it opens a hidden duplicate
Internet Explorer (IE) window accessing that same URL.
It then proceeds to fill up the duplicate Web form,
which eventually leads to illegal account access.
The Trojan periodically drains the funds of the compromised
account by a certain percentage. The stolen funds are then
transferred to another e-gold account.
To be able to successfully perform this function, this Trojan
uses IE's built-in Object Linking and Embedding (OLE)
automation functions. This method is similar to API hooks
used by file-infectors. In this case, this Trojan executes
certain functions for every change in the URL address that
occurs while the user continues to navigate through the
following e-gold Web pages:
* e-gold.com/acct/acct.asp
* e-gold.com/acct/balance.asp
* e-gold.com/acct/spend.asp
* e-gold.com/acct/verify.asp
* https: //www.e-gold.com/acct/acct.asp
* https: //www.e-gold.com/acct/balance.asp
* https: //www.e-gold.com/acct/spend.asp
(Note: Object Linking and Embedding (OLE) is a compound
document standard that enables a user to create objects
with one application and then link or embed them in another
application.)
The Trojan runs on Windows 95, 98, ME, NT, 2000, and XP.
You all need to check your computers for the file named
gdiwxp.dll. This is the most recent variant of the trojan
that I could find and was still popping up in late March.
If you have this file on your computer, you are infected
with the egold trojan and and you need to get rid of it
immediately.
I don't know if the file will show up with a simple file
search, it may be a hidden. I used Hijack This to look
at my registry for the file.
You can download Hijack This for free at:
http://www.download.com/HijackThis/3...-10227353.html
This program is mainly used by people so that they can post
a registry log in the tech forums and ask for help.
Don't remove anything in your registry unless you know what
you are doing. Just look for the file containing gdiwxp.dll.
If you find the trojan on your computer, you can use
Security Task Manager to get rid of it. http://www.neuber.com/taskmanager/
Again, DO NOT USE INTERNET EXPLORER!!!!!!
One of the symptoms that you are infected with this
trojan is that you get the wrong turing number page
(at egold) every time you try to log in. On the page you
are redirected to, the links at the top of the page will
not work. There are three security recommendations we would like
to make to you in case you are not currently doing them.
1. You may want to consider book marking the e-gold
IP address versus the URL as your e-gold bookmark and
only access it via your bookmark. The IP to bookmark is
https://209.200.169.10. The reason for doing this is
there are viruses such as this one:
http://us.mcafee.com/virusInfo/defau...&virus_k=99469
that plant fake entries in the host file which windows then
uses instead of the correct IP address for the site.
Using the e-gold IP address versus the URL will bypass
this type of Trojan. Also, never access your e-gold account
via an email message even if the message appears to come
from e-gold.
2. Always use the SRK feature to access your e-gold account
never type it in! You should first change your passphrase
using the SRK feature. If your passphrase is changed using
the "SRK" feature and the account is only accessed using the
"SRK" feature, then your passphrase will be protected even if
there is a Trojan virus on your computer. However,
this is true only if you are at the correct e-gold site.
To ensure you are always at the e-gold site, you may want
to click the box next to your account number on the login
page that says, "Store my account number on my computer".
In the future when you attempt to log into your account and
if the account number is not displayed, you should be wary
of entering your passphrase because you may be at a fake
e-gold site.
a. Log into your account using your current passphrase.
b. Click on the button that says, "account info"
c. Scroll down to passphrase box and click in the box.
d. Click on the button that says SRK
e. A small window will pop up on your screen
f. Enter your new passphrase by clicking on the numbers,
letters or symbols in the pop-up window. You will
see *** being added to the passphrase box as you use
your mouse to click on the numbers, letters or symbols.
*See note
g. When ready to confirm your passphrase click on the arrow
on the bottom right hand corner of the pop-up window.
h. Confirm new passphrase using the same procedure you
followed in item #6.
i. Click update passphrase.
*Note: For upper case letter click on the upper case "ABC",
for lower case letters click on the lower case "abc",
for numbers click on the "123", for symbols click on the "sym"
3. If you are making a spend via the e-gold shopping cart
interface (SCI) always confirm you at the actual e-gold site.
To verify you are at the actual e-gold site when using the SCI spend page,
double click on the gold security lock and verify that the certificate was
issued to www.e-gold.com and that the certificate was issued by
verisign and is valid from 11/22/2004 to 12/1/2006.
You can also review the certificate details and make sure
the certificate serial number is:
F84F 522C E958 A443 5A37 8934 6D77 2D70 096C 6A82.Copyright 2005 dadndaves
End of Dad n Daves EGold Security Suggestions