AR15.COM
12/1/2010 9:19:51 AM EDT
Wells Fargo phone support thinks that we have a virus on our computer. Scans show nothing.

When logging into our account we are then taken to a page with a Wachovia logo and asking for an RSA key to be entered. Phone support says that this is a malware-produced page.

It is still an HTTPS page, and I am leaning towards they have changed their system as opposed to a virus. This has happened several times in the recent past with their website.

Is it possible for an HTTPS session to get hijacked?
12/1/2010 9:24:09 AM EDT
[#1]
Man in the middle.

What does the cert for the HTTPS page show?
12/1/2010 9:24:11 AM EDT
[#2]
Quoted:
Wells Fargo phone support thinks that we have a virus on our computer. Scans show nothing.

When logging into our account we are then taken to a page with a Wachovia logo and asking for an RSA key to be entered. Phone support says that this is a malware-produced page.

It is still an HTTPS page, and I am leaning towards they have changed their system as opposed to a virus. This has happened several times in the recent past with their website.

Is it possible for an HTTPS session to get hijacked?


No, but it is possible for a redirect to happen prior to that.

12/1/2010 9:25:24 AM EDT
[#3]
Format and be done with it
12/1/2010 9:26:25 AM EDT
[#4]
Quoted:
Man in the middle.

What does the cert for the HTTPS page show?

Not certain, I can't get there anymore as they have disabled the account.
12/1/2010 9:29:03 AM EDT
[#5]
Quoted:
Format and be done with it

Standard solution, but they want a virus log before they will re-activate the account.
12/1/2010 9:31:52 AM EDT
[#6]
This has happened several times in the recent past with their website.

Online banking websites go through so much red tape and regression testing that the chances of this (issue on their side) are very slim.
12/1/2010 9:33:06 AM EDT
[#7]
http://en.wikipedia.org/wiki/Man_in_the_Browser



Back up your important docs, format/reinstall, and don't fuck up again
12/1/2010 9:36:15 AM EDT
[#8]
I have dealt with Wells Fargo in a corporate IT environment. As best as I can ascertain, they employ a fair number of idiots.

12/1/2010 9:43:43 AM EDT
[#9]
Download, install, and update Malwarebytes, disconnect the internet, and run the full scan with Malwarebytes. If it comes up clean but the issue continues, try TDSSKiller from Kaspersky Labs; if that comes up clean, then try ComboFix from bleepingcomputer.com.

Also, if you are using AVG Free... STOP THAT! There are other free ones that work better; I prefer Avast if you have to use a freebie.

I am a computer technician and 50-75% of the issues I work on month to month are caused by malware/fraudware/trojans. I have not had to reformat a machine to fix one of those issues in years. Occasionally it turns out that formatting might have even been faster, but no matter what lengths I go to to back everything up, the customer often complains that they can't find something (even if I backed up the entire hard drive and put it in a folder after the reformat).
12/1/2010 9:54:18 AM EDT
[#10]
Could be the Zbot / Zeus bot that is going around. My bank has warned users about it before allowing anyone to even log in now. Google it and see.
12/2/2010 8:24:01 AM EDT
[#11]
Well, I have run several scans. OfficeScan, Avast, and MalwareBytes... nothing.

I manually checked for zeus/zbot and saw no trace of it.

Dealing with Wells Fargo "Technical Services" currently... doesn't look promising.
12/2/2010 8:25:01 AM EDT
[#12]
Wells Fargo and Wachovia are the same company
12/2/2010 8:26:51 AM EDT
[#13]
Quoted:
Wells Fargo and Wachovia are the same company

I know. I attempted to explain that to phone support... they denied it.