Portal
The following are a few posts taken from another forum that is closing.
I wanted to grab this info before it was too late...
Very recently, a rash of attacks have been reported by victims that had their eGold accounts cleaned out at the same time they were in their eGold account. Their anti-trojan and anti-virus software didn't detect the trojan program they had picked up which was remotely feeding their internet activitys to the hackers view screen.
One of the victims used robo form, others used very long complicated passphrases, that didn't make any difference, the hacker simply watched and waited for the account owner to login before cleaning that eGold account out.
In almost all cases, a properly secured firewall locking out all non essential outside ports would have prevented those losses. In order for those keyloggers and concurrent remote feed sessions to be successful, they have to use additional outside ports from your computer to relay that information back to the hacker.
In nearly all cases the most widely used avenue is thru a mIRC relay. Those are easy to spot if you are technically minded regarding your firewall ports. Here is a quick alternative.
Steps to do just prior to accessing your eGold account
Click on the Ms-Dos Icon if you have one to pull up the Dos Command Prompt. C:>
Then simply enter the following command into the windows DOS command prompt:>
netstat -an | find ":6667"
hit enter and then repeat with this:
netstat -an | find ":113 "
If both of those separate requests come back empty, or has no response that's what you want. If either one comes up as Established and you are NOT running any mIRC scripting TCP internet relay chat channels then YOU KNOW IMMEDIATELY there is a problem. That DOS command searches for specific network status on those two specific ports, if its finds any, it reports back with that information along with a confirmation of 'Established'. Port 6667 is the default and most widely used port for mIRC relays, double checking Port 113 also minimizes any additional danger.
The piping symbol | you need to include in those above Dos Commands is shift \ (Shift plus the forward slash symbol).
Dos commands do not support copy and paste, you'll need to write that down in your windows notepad or on paper and manually type those two commands one at a time at the Dos Prompt.
C:>netstat -an | find ":6667"
then
C:>netstat -an | find ":113 "
-------
thanks for the info... your tips are very informative.
just curious though - if you enable e-gold's 'accsent' ip-address change detection which sends a pin to your email address which you must enter to get into the account, doesn't this effectively shutdown this little trick?
Unfortunately NO. The concurrent session is piggy backed on your computer. The Accu-Sent system would see YOU, your browser, your IP address and wouldn't see that someone has piggy backed onto your computer and online session.
Unless someone watched their bandwidth going out very carefully, they probably wouldn't notice the slight drag if they used a broadband connection. OF course for the hacker, that's the whole idea is to be invisible until the victim logs into a online account such as eGold.
Again, in order for the trojan program to relay your security information to the hacker, it must open a Port on your computer. That simple test shows if two of the most used possible ports ( 6667, 113 ) is active or not, if one or both show they are established then you immediately know there is a problem before you put yourself at risk.
------------------
I have no clue about dos and//^> things like that..
I'm not sure how to make the steps and example any easier than suggesting to someone to:
Click on the icon that says, 'MS-DOS'
type in at the prompt>
netstat -an | find ":6667"
hit enter and then repeat with this:
netstat -an | find ":113 "
(the piping symbol | is the result of using the shift key and (forward slash key) at the same time).
IF that is too ackward or difficult then try this:
Copy and paste the following into your Windows Notepad, and then save the following code as TrojanHunter.bat
rem Trojan Relay Port Hunter
echo off
cls
netstat -an | find ":6667"
pause
netstat -an | find ":113 "
pause
rem end of simple code
Check to make sure the file was saved as TrojanHunter.bat and NOT TrojanHunter.txt, if it was saved as a .txt file, rename it to .bat
Then simply double click on that file to activate it, each trojan port scan ( 6667 and 113 ) issues a press any key to continue prompt, allowing you to view any results before proceeding. What you want to see is NO RESULTS, nothing established, only Two prompts telling you to press any key to continue.
Uses would be:
Simply double clicking on the TrojanHunter.bat file just prior to your eGold session to double check for trojan relays existing on your desktop computer.
----------------
for anyone that can't work out what to do.
Right click on this link and save the file to your desktop
http://hyipsystems.com/TrojanHunter.bat
then just double click it to run the test.
If for some reason you cannot download the TrojanHunter.bat batch file, you can find the DOS prompt (the bit harder but exploratory way) in Windows XP by:
Click Start, then All Programs, then Accessories, then Command Prompt
------------------
correct me if I am wrong - that it wouldn't have mattered if I logged in to my second "secret" egold account, to which only I know the account number, but that could have been in jeopardy if my firewall were not doing its job?
Unfortunately YES, with the highjacked session, the hacker on the other end would only have to wait until someone had entered into a secure eGold account and since most people check their eGold balances right away, they could actually bide their time waiting for the most opportune moment and sizeable theft.
Session highjacking explains how some of the unexplained eGold thefts had occured with individuals that had their Accu-Sense(tm) eGold set to High and Browser check enabled. Normally, those two settings do a fine job at protecting your eGold account. However with the highjacked session, software security tools like roboform(tm), or long complicated passpharses, and eGold's Accu-Sense(tm) set to High and Browser enabled is not going to save the day as it previously has.
The highjacking technique could get into any online banking account the user enters. The only current way I foresee preventing that is to get aquainted with your firewall software and hardware, actively checking to see what ports your computer uses for its browser and email software and if you see or notice any other computer ports open or being opened then you know there's a possible problem onboard.
Running the TrojanHunter at the very last minute (as suggested) before you go and log-in to your online banking or eGold account(s) represents a last stand defense against a possible highjacking, not a end all tool.
---------------
I wanted to grab this info before it was too late...
Very recently, a rash of attacks have been reported by victims that had their eGold accounts cleaned out at the same time they were in their eGold account. Their anti-trojan and anti-virus software didn't detect the trojan program they had picked up which was remotely feeding their internet activitys to the hackers view screen.
One of the victims used robo form, others used very long complicated passphrases, that didn't make any difference, the hacker simply watched and waited for the account owner to login before cleaning that eGold account out.
In almost all cases, a properly secured firewall locking out all non essential outside ports would have prevented those losses. In order for those keyloggers and concurrent remote feed sessions to be successful, they have to use additional outside ports from your computer to relay that information back to the hacker.
In nearly all cases the most widely used avenue is thru a mIRC relay. Those are easy to spot if you are technically minded regarding your firewall ports. Here is a quick alternative.
Steps to do just prior to accessing your eGold account
Click on the Ms-Dos Icon if you have one to pull up the Dos Command Prompt. C:>
Then simply enter the following command into the windows DOS command prompt:>
netstat -an | find ":6667"
hit enter and then repeat with this:
netstat -an | find ":113 "
If both of those separate requests come back empty, or has no response that's what you want. If either one comes up as Established and you are NOT running any mIRC scripting TCP internet relay chat channels then YOU KNOW IMMEDIATELY there is a problem. That DOS command searches for specific network status on those two specific ports, if its finds any, it reports back with that information along with a confirmation of 'Established'. Port 6667 is the default and most widely used port for mIRC relays, double checking Port 113 also minimizes any additional danger.
The piping symbol | you need to include in those above Dos Commands is shift \ (Shift plus the forward slash symbol).
Dos commands do not support copy and paste, you'll need to write that down in your windows notepad or on paper and manually type those two commands one at a time at the Dos Prompt.
C:>netstat -an | find ":6667"
then
C:>netstat -an | find ":113 "
-------
thanks for the info... your tips are very informative.
just curious though - if you enable e-gold's 'accsent' ip-address change detection which sends a pin to your email address which you must enter to get into the account, doesn't this effectively shutdown this little trick?
Unfortunately NO. The concurrent session is piggy backed on your computer. The Accu-Sent system would see YOU, your browser, your IP address and wouldn't see that someone has piggy backed onto your computer and online session.
Unless someone watched their bandwidth going out very carefully, they probably wouldn't notice the slight drag if they used a broadband connection. OF course for the hacker, that's the whole idea is to be invisible until the victim logs into a online account such as eGold.
Again, in order for the trojan program to relay your security information to the hacker, it must open a Port on your computer. That simple test shows if two of the most used possible ports ( 6667, 113 ) is active or not, if one or both show they are established then you immediately know there is a problem before you put yourself at risk.
------------------
I have no clue about dos and//^> things like that..
I'm not sure how to make the steps and example any easier than suggesting to someone to:
Click on the icon that says, 'MS-DOS'
type in at the prompt>
netstat -an | find ":6667"
hit enter and then repeat with this:
netstat -an | find ":113 "
(the piping symbol | is the result of using the shift key and (forward slash key) at the same time).
IF that is too ackward or difficult then try this:
Copy and paste the following into your Windows Notepad, and then save the following code as TrojanHunter.bat
rem Trojan Relay Port Hunter
echo off
cls
netstat -an | find ":6667"
pause
netstat -an | find ":113 "
pause
rem end of simple code
Check to make sure the file was saved as TrojanHunter.bat and NOT TrojanHunter.txt, if it was saved as a .txt file, rename it to .bat
Then simply double click on that file to activate it, each trojan port scan ( 6667 and 113 ) issues a press any key to continue prompt, allowing you to view any results before proceeding. What you want to see is NO RESULTS, nothing established, only Two prompts telling you to press any key to continue.
Uses would be:
Simply double clicking on the TrojanHunter.bat file just prior to your eGold session to double check for trojan relays existing on your desktop computer.
----------------
for anyone that can't work out what to do.
Right click on this link and save the file to your desktop
http://hyipsystems.com/TrojanHunter.bat
then just double click it to run the test.
If for some reason you cannot download the TrojanHunter.bat batch file, you can find the DOS prompt (the bit harder but exploratory way) in Windows XP by:
Click Start, then All Programs, then Accessories, then Command Prompt
------------------
correct me if I am wrong - that it wouldn't have mattered if I logged in to my second "secret" egold account, to which only I know the account number, but that could have been in jeopardy if my firewall were not doing its job?
Unfortunately YES, with the highjacked session, the hacker on the other end would only have to wait until someone had entered into a secure eGold account and since most people check their eGold balances right away, they could actually bide their time waiting for the most opportune moment and sizeable theft.
Session highjacking explains how some of the unexplained eGold thefts had occured with individuals that had their Accu-Sense(tm) eGold set to High and Browser check enabled. Normally, those two settings do a fine job at protecting your eGold account. However with the highjacked session, software security tools like roboform(tm), or long complicated passpharses, and eGold's Accu-Sense(tm) set to High and Browser enabled is not going to save the day as it previously has.
The highjacking technique could get into any online banking account the user enters. The only current way I foresee preventing that is to get aquainted with your firewall software and hardware, actively checking to see what ports your computer uses for its browser and email software and if you see or notice any other computer ports open or being opened then you know there's a possible problem onboard.
Running the TrojanHunter at the very last minute (as suggested) before you go and log-in to your online banking or eGold account(s) represents a last stand defense against a possible highjacking, not a end all tool.
---------------
