Warning Serious Internet Explorer Torpig Mebroot Sinowal Virus / Phishing scam

Uploaded by on Oct 17, 2008

Warning Serious Internet Explorer Sinowal Torpig Mebroot Exploit/Phishing scam That Microsoft Doesn't know About

There is a serious exploit in Internet Explorer that everyone must know about as soon as possible.

I used a debugging program, which is a program created by Microsoft that allows programmers to see the pages/URLs/IP addresses when Internet Explorer connects to the internet. I ran the software and visited these sites and I noticed a strange IP that was being accessed every time I went to PayPal, Bank of America or eBay and any site with forms where you input user and pass or CC info.

I did a whois on the IP address that was coming up and contacted the ISP with screenshots of the exploit. I then called the ISP to ask if they could help determine what the problem was. After reviewing it, they confirmed that this was some sort of hacker account that was gathering information. So it turns out the IE exploit is using an advanced phishing scam that is gathering information from the sites asking for credit card information and sending it to these IP addresses. But beware: it grabs data you enter in regular forms and everything looks normal; that's what makes this so dangerous.

They immediately shut down the hosting account with the IP that the information was being sent to. They confirmed that this was being used by hackers gathering phishing information. Because of privacy laws they could not give me any information about the owner of the hosting account, but they did confirm the owners of the account were in Europe.

Once the IP was shut down, I decided to test my computer again with the program, figuring that the problem might still be there but the IP address would be dead, and amazingly the virus/Trojan in Internet Explorer changed the IP address that the information was being sent to.

Meaning this exploit was smart enough to realize that the IP address that it was sending the information to was shut down, and it was now sending the information to a new IP address. I contacted the ISP again, and they once again confirmed this.

They also admitted that in total they shut down 22 hosting accounts/IPs that were gathering phishing information from this exploit. (The ISP that was running the hosting company was in Kansas.) They recommended I contact the FBI for Electronic Crimes Division in San Diego. There is a new IP address that the information is now being sent to (this new ISP hosting company is located in Canada).

I am very technical when it comes to computers and have been programming for many years, so I have a lot of experience with debugging, viruses, and programming. I've run every program from HijackThis, Spybot Search & Destroy, and every other virus/trojan program on the net I could find and none were able to detect or find any viruses or trojans.

Today, Oct 15, 2008, I contacted level 2 at Microsoft after unsuccessfully finding any solutions for this problem. After talking with Microsoft and explaining the situation to them, I gave them remote access to my computer so they could see for themselves, and they confirmed that they saw the exploit and admitted that they have never seen this before. They have escalated this situation, and told me they will be calling me back on Friday, October 17, 2008 with more information. There can literally be millions of computers infected with this virus, and no one will know because everything looks normal.

Contact me if you have any more information or if your computer is infected with this:
Mikeharpen@gmail.com

Category:

Science & Technology

Uploader Comments (mikeharpen)

  • In FF I think it is a malware that is pretending to detect Sinowal because a "Windows Security Center" pop-up starts saying computer is infected with Sinowal.Trojan and only allows "enable protection" to be selected (but fonts are screwed up). Also, hijacks FF startup with "Computer is insecure" and select options to continue or solve. All occurred after unexpected PC shutdown/auto reboot. I think this is something different than the real Sinowal since there is nothing subtle about it.

  • right on, most of these virus alerts are spam promoting junk virus protection

  • Can someone help me?

    I can't use Internet Explorer.

  • What type of error are you getting? With this virus IE works just fine (except in the background it steals data) so you might have another issue.

  • Is this only affecting IE or also FF?

  • only one person claimed they got it by loading a page in FF but nobody else can replicate it in FF and technically it would be impossible to get infected thru FF with this specific virus.

All Comments (18)

  • do they know about that?

  • Question? If you format your hard drive will this virus still be on it?

  • Internet Explorer 7 uses too much RAM. Camtasia uses more RAM than HyperCam.

  • well thank god someone was smart enough to notice this! OMG I sure hope that doesn't happen to me! Unless it is already on my pc???? This is why I hate HACKERS. They have no life so they steal others info and make a new one; a duplicat

  • This is scary shit

  • how do u know u have it??!!!

  • When my friend told me about this, I was scared I'd get the virus because I was on IE. I immediately downloaded FF and deleted IE from my computer. Could I still be vulnerable to this virus?? If I could, I want to know anything I can do to get rid of it. Please help!

  • I have this virus too! Please help me! what can I do! I don't feel safe on my computer!!!
