Phishing Virus Help

Snaquebite · 05-05-2010, 11:49

At least that's what I think it is..

On occasion when I go to on-line banking or other accounts dealing with "money" when I try to log in a screen comes up asking me for ALL if the acct info. It wants PIN, ACCT NR, CVC, etc etc.

Since I have some SA I realize there is something wrong and usually can sign in through another portal or link.

I've run every spyware and mlware program I have but can't seem to stop this.

Any suggestons?

Irishsquid · 05-05-2010, 11:54

Sounds almost like a "Man in the Middle," attack, or DNS poisoning. Check your SSL certificates...make sure they are valid, not expired, and issued by a reputable CA...and that they are the CORRECT certificates for the site you are trying to hit.

Also, try running a "netstat -a," from the DOS prompt. That'll show you all your open connections. Look for connections to an unfamiliar IP address, or for listening ports that shouldn't be listening. That can be a big clue for malware on your system.

Snaquebite · 05-05-2010, 12:09

I understand what you are saying about certs, but how do recognize which ones are bad?
If I remove too many or the wrong ones what's the damage?

JJ_BPK · 05-05-2010, 13:59

Quote:

Originally Posted by Snaquebite

I understand what you are saying about certs, but how do recognize which ones are bad?
If I remove too many or the wrong ones what's the damage?

As I understand Certs, they are a bit like a cookie, If you clean them up. the next time you go to a site that your system questions the Cert, You can OK the Cert and get the latest level, or block access.

My SIL got me started using FireFox and I added several security add-ons. It now stops at just about every site and wants to block something. Bit of a pain, but I had problems with a virus in a java script,, it's worth the hassle..

BetterPrivacy
Java COnsole
NoScript
Targeted Advertising Cookie opt-out
SpellBound - no security, but helps

Snaquebite · 05-05-2010, 14:16

Cleaned up some certs and things are better. I still have a ton of certs I have no idea what they are...Thinking of cleaning them all out and jusr re-cert when I need to.......

CommoNCO · 05-05-2010, 14:25

Sir,

The scrubbing of certs, followed by re-verifying as needed is probably the best idea.

The Army Information Assurance Network is a great source for everyone with AKO access. This page is frequently updated, and is a great security resource.

https://www.us.army.mil/suite/grouppage/97390