I think I was Pharmed!



lilmsladybird
GuGee Since: 2007-07-23
GuG-Points: 7
Last Seen: 07/13/2008 - 10:15am
Location: Illinois

 

I believe, unfortunately, that I was pharmed at what I thought was my online banking website. I've changed my login and password at the correct site, but what I'm trying to figure out is if the culprit originated in my computer or if it was a weakness in the security at my bank. Just curious to know if anyone else has had a similar situation, and how you dealt with it. I run Ad-Aware and Spybot daily on both my laptop and desktop computers.

 

Thanks-

lmlb



Ashton
GuGee Since: 20-Nov-2006
GuG-Points: 1079
Last Seen: 08/28/2008 - 8:40pm
Location: Deserts of Arizona

I am: Voting for Obama

Re: I think I was Pharmed!

I haven't been pharmed, but the few cases I've heard of usually originated out of email that provided a link to a fake site.

You may want to check your inbox for something like that. 

Do you use a mail client (Outlook, etc.) for your email?

I do not feel obliged to believe that same God who endowed us with sense, reason, and intellect had intended for us to forgo their use. -Galileo Galilei



lilmsladybird
Re: I think I was Pharmed!

I do for a work account, but I'm curious... are you thinking phished? I actually visited the website, didn't follow a link through email. I typed in my user info and password and then nothing happened. That's why I assumed I was pharmed.



elleoelle
GuGee Since: 24-Mar-2007
GuG-Points: 700
Last Seen: 08/09/2008 - 7:35am

I am: Not really paying attention

Re: I think I was Pharmed!

Did you type the URL yourself correctly? That's a biggie - a scammer knows human error well and will buy the URLs to common typos. As an example, hallmark.com when mistyped as hallamrk.com was a site that would fill your screen with malicious toolbar download boxes and popups. So bnakofamerica.com might just be an exact copy of bankofamerica.com and you wouldn't know.

If you got there using a bookmark, then it could be a bank security hole. Banks have pretty tight IT security departments. I'd start with them before assuming anything else unless there's a possibility of a typo and it wasn't accessed via a bookmark.

At least by explaining in detail what happened to the bank's security team, you'll find out if it's a known glitch. And if it's a scam website, they should be alerted too. 

 



Ashton

Re: I think I was Pharmed!

http://en.wikipedia.org/wiki/Pharming

I suggested the phishing angle just due to the complexity of "pharming". It's far more common to be phished than pharmed.

However, if you're worried about it:

1) Upgrade and flash your firmware on your wireless router - assuming you have one.

Even if it has the latest version - I would flash it anyway. If that proves difficult (it's not), at least reset the router to factory default settings.

You may be able to get an idea if you were pharmed by looking at the DNS table in the router. Those are the addresses that turn the name you type in a browser bar into an IP address. It's not too hard, especially with Linux, to set up a DNS server, hack your router, direct the DNS address to a server that the hacker set up and take it from there.

Set up a strong password - and if your router has a timeout feature that you can enable to kick the log in screen out after a number of failed log ins - use it. Brute force and dictionary attacks depend on having the log in screen refresh with each failed try.

2) Host files.

http://www.bleepingcomputer.com/tutorials/tutorial51.html

Malicious access or viruses (general term) can write an IP address to your host file so that when a particular IP address or name is typed in - say your bank website - it redirects to another site. Once again, I need to point out that this takes time and effort, particularly setting up a webpage that looks like your bank's website and knowing your banking habits.

You can access your host file by

Start -> Run -> then paste in the following:

c:\windows\system32\drivers\etc\hosts

Then open it with notepad.

You should be looking at a sample host file with most lines "commented" or displaying a # (pound sign) in front of them. You should also see one line with the number:

127.0.0.1

Which is your home address. For the sake of simplicity - that's fine and host files can be really useful for redirecting ad sites and other websites that you don't want to access your computer - kind of like what AdBlockPlus does for Firefox.

If you see any other IP addresses, you may be compromised. I'll gladly check them out if you do.

Questions???

 
I do not feel obliged to believe that same God who endowed us with sense, reason, and intellect had intended for us to forgo their use. -Galileo Galilei
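
An added example, not part of Ashton's post or the thread: the hosts-file check described above, done by a short script instead of by eye. It skips commented lines, accepts loopback entries and the 0.0.0.0 entries that ad-blocking lists use, and reports every other mapping. The sample file contents, the `bank.example` names and the addresses are constructed for illustration.

```python
import ipaddress

def is_benign(addr):
    """Loopback (127.0.0.1, ::1) or the 0.0.0.0 / :: sink used by ad-block lists."""
    ip = ipaddress.ip_address(addr)          # raises ValueError if malformed
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return (line_no, address, hostnames) for each active entry that sends
    a name to an address other than loopback or the sink address."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        addr, names = fields[0], fields[1:]
        try:
            benign = is_benign(addr)
        except ValueError:
            benign = False                    # unparseable address: report it
        if not benign:
            findings.append((line_no, addr, names))
    return findings

# Constructed sample: one entry redirects a bank name to an outside address.
SAMPLE = """\
# Sample HOSTS file
# 102.54.94.97   rhino.acme.com     (commented example line)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net     # ad-blocking entry
203.0.113.45    www.bank.example bank.example
#198.51.100.7   login.bank.example
"""

if __name__ == "__main__":
    # On a real machine, read c:\windows\system32\drivers\etc\hosts instead.
    for line_no, addr, names in audit_hosts(SAMPLE):
        print(f"line {line_no}: {', '.join(names)} -> {addr}")
```

An empty result means every active line points at the machine itself or at the sink address; anything reported is an entry to look up before trusting the names on it.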



lilmsladybird
Re: I think I was Pharmed!

Okay Ashton and all,

So much useful information, (THANK YOU! and I am screaming that)

but... can we back up for just a minute..... My router at home is a wireless router, but it's password protected, and because of that I assumed secure. But...I've been having problems with the router, or should I say the signal lately. Now I'm starting to wonder.......

 

but the java issue might be the culprit as well. Home laptop is running Vista, which has turned out to be a giant box of glitches. I'll try both of your suggestions when I get home.

 

Thanks again.

LMLB

 

 



Ashton

Re: I think I was Pharmed!

So after all that...

What probably happened is that you have a javascript problem - thus, the fields that you typed in didn't work. 

I do not feel obliged to believe that same God who endowed us with sense, reason, and intellect had intended for us to forgo their use. -Galileo Galilei