No Bullshit HYIP Blog, A Part of No Bullshit Network

An abstract from HYIPDiscussion which i thought might be informative to E-gold users.

Thank you for bringing this matter to our attention. We have investigated
acct #2575225 and have placed a value limit on their account which will
prevent them from receiving any further spends into their account.
Unfortunately we will not be able to refund your money because an e-gold
spend is not reversible as stated in the e-gold account user at
http://www.e-gold.com/unsecure/e-g-agree.htm.

If your account was compromised while AccSent was enabled, there is a high
probability that you either have a security hole in your computer, which
allowed hackers to take control of your computer or you have a Trojan virus,
spyware or keylogger software installed on your computer because someone not
only had access to your e-gold passphrase, they also had access to your
email address password. AccSent monitors account access attempts and issues
a one-time PIN challenge to those coming from IP address ranges or browsers
that differ from the last authorized account access. Your account was
accessed from remoteip ‘205.209.153.104′ and a pin was sent to the email
address on the account. The person logged into your email account and
retrieved the pin, accessed your e-gold account and made an unauthorized
spend from the account.

Until you remove the malicious software from your computer, your account is
still vulnerable. Your email account has also been compromised so it is
important that you change the password for your account after your computer
is cleaned. If the malicious software is still on your computer, someone is
able to read your emails, delete your emails or send emails from your
account.

The only other way your account could have been compromised is if you
received a phishing email with a link for you to click on to access your
account. If you clicked on the link and went to a fake e-gold site and
entered your e-gold account information along with your email account
information, your account could have been compromised without malicious
software being installed on your computer.

Have you received any emails within the past few weeks, which appeared to
come from e-gold requesting that you log into your account? Did the email
contain a link or an attachment? Did you attempt to open the attachment?
Did you click on the link or attempt to access your account from a link in
this email?

Have you run a complete virus scan of all computers used to access your
account with updated anti-virus software? You should also check your
computer for Spyware and Trojan keyloggers. Some people mistakenly assume
that anti-virus software protects them from keyloggers and Spyware. Most
anti-virus software does not adequately check for keyloggers and Spyware.
If you have checked all the computers used to access your account with only
an anti virus software, we strongly recommend you use a software that
specifically checks for Spyware and keyloggers.

There are Trojans keyloggers that monitors Internet Explorer windows until a
user visits the e-gold login page: e-gold.com/acct/login.html. Once the
user is logged in, the Trojan opens a hidden Internet Explorer window in
which it accesses the user’s account balance: e-gold.com/acct/balance.asp.
After ascertaining the value of the user’s account it attempts to transfer
their funds to another account using the hidden window.

The two Trojans we are aware of are:

Win32.Grams.I -
http://www3.ca.com/securityadvisor/v….aspx?id=41657

TROJ_GETEGOLD.C -
http://www.trendmicro.com/vinfo/viru…e=TROJ_GETEGOL
D.C

Most viruses are conveyed by spammed e-mail in the form of HTML messages.
The scripts run on viewing, no clicking on attachments is necessary. They
may also arrive as image attachments. Once the image is viewed, the program
is executed. Either way, the system is now infected and is just waiting for
you to check your e-gold account balance.

You can protect yourself by:

* Using another browser instead of Internet Explorer (IE). Firefox by
Mozilla is an excellent choice. You can visit www.mozilla.org for more
information.
* Do Not auto-preview incoming e-mail.
* Do Not open obvious spam.
* Do run a full virus scan regularly.

You may want to also specifically look for the following Trojan to see if it
is installed on your computer: TROJ_BANKER.BS. Troj/Banker-AM is a Trojan
that steals bank details. In order to run automatically on login the Trojan
copies itself to the file svhost.exe in the Windows folder and adds the
following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Shell
=C:\Windows\svhost.exe

Troj/Banker-AM installs itself as an Internet Explorer plugin in order to
monitor the URLs visited by the user. When one of a specific set of
banking-related URLs is visited, the Trojan logs all inputted details and
submits them to the author using a PHP script on a preconfigured web site.

This Trojan installs a keylogger on affected machines. It monitors a user’s
Internet browser and verifies if the address bar contains any of the
following strings:
· *abc517.net*
· *e-gold*
· *e-gold.com/acct/accountinfo.asp*
· *e-gold.com/acct/balance.asp*
· *e-gold.com/acct/login.html*
· https://www.e-gold.com/acct/accountinfo.asp
· https://www.e-gold.com/acct/balance.asp

Once it detects that affected users are browsing over the said sites, it
starts logging keystrokes made by the said users. It eventually sends the
logged keystrokes to a remote user. It runs on Windows 95, 98, ME, NT, 2000,
and XP.

We investigated and placed a value limit on account #2575140 and #2575225 to
prevent it from receiving additional funds. Unfortunately we will not be
able to refund your money because all e-gold spends are final and not
reversible as stated in the e-gold account user agreement. e-gold is also
contractually prohibited from freezing e-gold accounts or releasing e-gold
account information in the absence of a court order or subpoena. You might
want to consider obtaining some combination of help from a legal
professional or law enforcement to obtain a court order, if the size of your
loss warrants expenditure of your resources (time and money) to resolve.

If you obtain a court order, in order to ensure you get all pertinent
information please:

- Ask for e-gold account profile information for account #2575140 and
#2575225
- Ask for transaction history information for account #2575140 and #2575225
- Ask for information on any other accounts owned or controlled by the
individual
- Ask for Disposition of funds in questions “what account are the funds
currently located, this is in case they have been moved around”
- If applicable, ask for stabilization of the funds in question “freezing of
the account if the funds are still under the control of the perpetrator”
- Ask for account profile information for the account where the funds are
currently located. This will be needed in case you have to subpoena the
third party account owner.

This court order should be presented by fax (initially) and then with hard
copy to:

e-gold Ltd.
c/o The Office of the Shareholders
Attn: Hil de Frias
Mello, Jones & Martin
Reid House 31 Church Street
Hamilton
Bermuda, HM 12
FAX: 441 296-4172

Thank you,
e-gold Service

—–Original Message—–
From: xxx@xxx.xxx
Sent: Sunday, November 13, 2005 7:59 PM
To: Abuse-EG
Subject: [e-gold-abuse] Batch: 51207941 Their E-gold: … [PR: BVUXSASW]

Submitter IP: xx.xxx.xxx.xx
CATEGORY: ABUSE
Customer Name: Hollice Dickens
Email: xxx@xxx.xxx
Phone:
Fax:
e-gold Batch: 51207941
e-gold Account: xxx
Question: Batch: 51207941
Their E-gold: 2575140
Amount: xx.xxUSD
To: E-Currency Exchange Service

I DID NOT authorize this payment.
I would like to report that my account was hacked.
I did change my passphrase, I do always use your SRK.
My login settings are on highest security.

Any other suggestions of what else I can do to prevent this from happening
again?

Advance Thank You,
Hollice Dickens

Popularity: 2% [?]

Share This