Saturday, January 19, 2008
How to Prevent Hackers From Entering Your eGold Account
If your account was compromised while AccSent was enabled, there is a high probability that you either have a security hole in your computer, which allowed hackers to take control of your computer, or you have a Trojan virus, spyware or keylogger software installed on your computer because someone not only had access to your e-gold passphrase, they also had access to your email address password.

AccSent monitors account access attempts and issues a one-time PIN challenge to those coming from IP address ranges or browsers that differ from the last authorized account access. Your account was accessed from remoteip 188.8.131.52 and a pin was sent to the email address on the account. The person logged into your email account and retrieved the pin, accessed your e-gold account and made an unauthorized spend from the account.

Until you remove the malicious software from your computer, your account is still vulnerable. Your email account has also been compromised so it is important that you change the password for your account after your computer is cleaned. If the malicious software is still on your computer, someone is able to read your emails, delete your emails or send emails from your account.

The only other way your account could have been compromised is if you received a phishing email with a link for you to click on to access your account. If you clicked on the link and went to a fake e-gold site and entered your e-gold account information along with your email account information, your account could have been compromised without malicious software being installed on your computer.

Have you received any emails within the past few weeks, which appeared to come from e-gold requesting that you log into your account? Did the email contain a link or an attachment? Did you attempt to open the attachment? Did you click on the link or attempt to access your account from a link in this email?
Have you run a complete virus scan of all computers used to access your account with updated anti-virus software? You should also check your computer for Spyware and Trojan keyloggers. Some people mistakenly assume that anti-virus software protects them from keyloggers and Spyware. Most anti-virus software does not adequately check for keyloggers and Spyware. If you have checked all the computers used to access your account with only anti-virus software, we strongly recommend you use software that specifically checks for Spyware and keyloggers.

There are Trojan keyloggers that monitor Internet Explorer windows until a user visits the e-gold login page: e-gold.com/acct/login.html. Once the user is logged in, the Trojan opens a hidden Internet Explorer window in which it accesses the user's account balance: e-gold.com/acct/balance.asp. After ascertaining the value of the user's account it attempts to transfer their funds to another account using the hidden window.

Most viruses are conveyed by spammed e-mail in the form of HTML messages. The scripts run on viewing; no clicking on attachments is necessary. They may also arrive as image attachments. Once the image is viewed, the program is executed. Either way, the system is now infected and is just waiting for you to check your e-gold account balance.

You can protect yourself by:

* Using another browser instead of Internet Explorer (IE). Firefox by Mozilla is an excellent choice. You can visit mozilla.org for more information.
* Do not auto-preview incoming e-mail.
* Do not open obvious spam.
* Do run a full virus scan regularly.

As of today we know specifically of 10 viruses that could cause a problem similar to the one you are having.

1. Win32/Goldun.ia (One customer said he did not find anything when he ran Norton and McAfee anti-virus software, but he found the Win32/Goldun.ia Trojan when he used a software called Kaspersky.)
2. TSPY_HAXDORY (A customer who was receiving the fake login confirmation page located a virus with Trend Micro Housecall identified as TSPY_HAXDORY. Removing this seemed to solve the problem without having to reinstall Windows.)
3. TROJ_GOLDUN.DO, which has a file named CPU.EXE found in the c:\windows directory. This was found with Trend Micro's PC-cillin.
4. cpu.exe (Aladinz.l Trojan). More information regarding this virus can be found at auditmypc.com/process/cpu.asp
5. GDIWXP.DLL
6. pwsteal.trojan
7. Win32.Grams.I, which monitors Internet Explorer windows until the user visits the e-gold login page: e-gold.com/acct/login.html. Once the user is logged in, Grams opens a hidden Internet Explorer window in which it accesses the user's account balance: e-gold.com/acct/balance.asp
8. Trojan.LdPinch.L
9. Trojan.PWS.GoldSpy, e.exe in directory D:\Documents and Settings
10. mssync20.exe, copies in the windows\system32 directory. This is a rootkit which is only detectable by its activity with antivirus programs. You can use the Kaspersky antivirus. It is called a rootkit on the internet, and it can be detected with some anti-rootkits. One customer said, "the best for me was IceSword." You have to remove it manually in safe mode in Windows and search the registry keys (more than 15).

We investigated and placed a block on account #4644717 to prevent it from receiving additional funds. Unfortunately we will not be able to refund your money because all e-gold spends are final and not reversible as stated in the e-gold account user agreement. e-gold is also contractually prohibited from freezing e-gold accounts or releasing e-gold account information in the absence of a court order or subpoena. You might want to consider obtaining some combination of help from a legal professional or law enforcement to obtain a court order, if the size of your loss warrants expenditure of your resources (time and money) to resolve.
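The AccSent check described in the letter above, sketched as an added example; it is not e-gold's code and not part of the original post. The /24 grouping for "IP address range", the six-digit PIN, the three-try limit and every name in the code are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Optional

RANGE_PREFIX = 24  # assumption: "IP address range" means the /24 around the address
MAX_TRIES = 3      # assumption: a PIN stops being accepted after three attempts

@dataclass
class Account:
    last_range: Optional[ipaddress.IPv4Network] = None  # range of last authorized access
    last_browser: Optional[str] = None                  # browser of last authorized access
    pin_hash: Optional[str] = None                      # hash of the outstanding PIN, if any
    tries_left: int = 0

def ip_range(ip: str):
    """Map an address to the network used for the 'same range' comparison."""
    return ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False)

def _digest(pin: str) -> str:
    return hashlib.sha256(pin.encode()).hexdigest()

def begin_login(acct: Account, ip: str, browser: str) -> Optional[str]:
    """Run after the passphrase check. Returns None when range and browser match
    the last authorized access, otherwise a fresh PIN to e-mail to the holder."""
    if acct.last_range == ip_range(ip) and acct.last_browser == browser:
        return None
    pin = f"{secrets.randbelow(10**6):06d}"
    acct.pin_hash, acct.tries_left = _digest(pin), MAX_TRIES
    # The PIN leaves by e-mail: whoever can read that mailbox can answer it,
    # so the challenge is only as strong as the e-mail account's password.
    return pin

def answer_challenge(acct: Account, ip: str, browser: str, pin: str) -> bool:
    """Check a submitted PIN. A correct PIN is consumed (one-time) and the new
    range and browser become the last authorized access."""
    if acct.pin_hash is None or acct.tries_left <= 0:
        return False
    acct.tries_left -= 1
    if not hmac.compare_digest(acct.pin_hash, _digest(pin)):
        return False
    acct.pin_hash = None
    acct.last_range, acct.last_browser = ip_range(ip), browser
    return True
```

Only a hash of the PIN is kept server-side and the comparison is constant-time; the addresses used to exercise it should come from the documentation ranges (192.0.2.0/24, 203.0.113.0/24).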