[Retired Tech]

A new variant of the Russian Gozi Trojan has been discovered that is capable of stealing data during secure socket layer (SSL) transactions.

The Trojan is one of the most sophisticated yet found and has a variety of features designed to make it difficult to locate. When it detects an SSL transaction it activates and begins key-logging the infected computer to steal account details.

In addition the Trojan makes itself difficult to detect by constantly changing its coding so that signature-based systems will not detect it.

It also has its own compression software and will compress and extract portions of its code to further disguise itself.

"It is bad enough that this new version of Gozi can encrypt and rotate its program code to bypass conventional signature detection," said Geoff Sweeney, chief technical officer at security analysis software company Tier-3.

"But the fact that it can switch a key-logging function on and off when the infected PC reaches an e-banking web page makes it almost undetectable using conventional IT security technology.

http://uk.news.yahoo...am-6315470.html

[Advertisements]

Hi there!
I got the chills when I read this!
I THINK THIS IS WHAT HAS GOT ME!!!

As of this week, I can no longer access (sign-in) MSN Hotmail, MSN Explorer or any of my secure sites!
I did a diagnostic for Windows XP Home Edition and it came up with; (part of report)

WARN This machine has more than one ethernet or more than one wireless adapter (Redirecting user to support call).

HTTP, HTTPS, FTP Diag: HTTPS:

WARN Error 12169 connecting to www.microsoft.com. The supplied certificate is invalid.
(It did connect)

HTTPS: Error 12169 connectiong to www.passport.net. The supplied cerfificate is invalid.
(Successfully connected to ftp.microsoft.com).

Error: Could not make an HTTPS connection.
*****************************************

Now, it detected "new hardware" for 2 wks that I ignored because I had not installed anything new...???
I unplugged one ethernet cable yesterday to see if it would make a difference; re above ethernet warning.... (It did not)

I looked into SSL certificates online...and it seems people buy them!??? IS that normal? Do they expire? Never heard of this before.

ARE MY BANK ACCTS. AND CREDIT CARDS CURRENTLY AT RISK?
SHOULD I ADVISE BANKS AND FREEZE CARDS AT THIS POINT!

The other day, AVAST detected (2x on same run) Win:32 Nilage-GC[TRj] Malware (Trojan)
I put that in the chest...but, it may have changed it's identity since?! Who knows?

Exhausted, Confused....and Nervous....

I've run the following numerous times: Spybot S&D, AVAST, SpywareBlaster, Spyware Guard, Ad-Aware, AVG Anti spyware last night....(Zone Alarm is on)
Cannot use On-Line Kaspersky....it is expired for me.

Truly appreciate any advice/hints you can offer....
DOES IT SOUND LIKE MY SSL STREAMS HAVE BEEN STOLEN???
THX A MIL......Loraine

[Rainey777417]

Hi there!
I got the chills when I read this!
I THINK THIS IS WHAT HAS GOT ME!!!

As of this week, I can no longer access (sign-in) MSN Hotmail, MSN Explorer or any of my secure sites!
I did a diagnostic for Windows XP Home Edition and it came up with; (part of report)

WARN This machine has more than one ethernet or more than one wireless adapter (Redirecting user to support call).

HTTP, HTTPS, FTP Diag: HTTPS:

WARN Error 12169 connecting to www.microsoft.com. The supplied certificate is invalid.
(It did connect)

HTTPS: Error 12169 connectiong to www.passport.net. The supplied cerfificate is invalid.
(Successfully connected to ftp.microsoft.com).

Error: Could not make an HTTPS connection.
*****************************************

Now, it detected "new hardware" for 2 wks that I ignored because I had not installed anything new...???
I unplugged one ethernet cable yesterday to see if it would make a difference; re above ethernet warning.... (It did not)

I looked into SSL certificates online...and it seems people buy them!??? IS that normal? Do they expire? Never heard of this before.

ARE MY BANK ACCTS. AND CREDIT CARDS CURRENTLY AT RISK?
SHOULD I ADVISE BANKS AND FREEZE CARDS AT THIS POINT!

The other day, AVAST detected (2x on same run) Win:32 Nilage-GC[TRj] Malware (Trojan)
I put that in the chest...but, it may have changed it's identity since?! Who knows?

Exhausted, Confused....and Nervous....

I've run the following numerous times: Spybot S&D, AVAST, SpywareBlaster, Spyware Guard, Ad-Aware, AVG Anti spyware last night....(Zone Alarm is on)
Cannot use On-Line Kaspersky....it is expired for me.

Truly appreciate any advice/hints you can offer....
DOES IT SOUND LIKE MY SSL STREAMS HAVE BEEN STOLEN???
THX A MIL......Loraine

[Retired Tech]

I would contact the bank by telephone as a precaution.

Please follow the procedures outlined here: Malware Removal Guide

You will need a PC which can connect to the internet

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, please ask for advice in the Malware Forum

[Retired Tech]

Have moved the log here

http://www.geekstogo...e...9.html&st=0

Please do not reply to it until one of the Malware Team posts to it, then reply as required