In the last month, I have used PCHelpWare 1.0 to assist two separate and totally unrelated clients with computer issues. Both machines are locked down tight as a drum, as is my own computer.
During the course of the assist session, I helped one client pick a hard laptop case from a reputable online vendor. Two days later, she had multiple sub-$50 charges attempted on the same card used during this session. Things like Sirius satellite radios and other electronics were purchased.
Two weeks later, I help a completely separate client purchase a copy of Office 2007 from Amazon.com. A day later, $11k in fraudulent transactions on this card, again, all under $50 in what appears to be an attempt to keep things "under the radar". Again, small electronics purchases including Blizzard Online Entertainment/WOW accounts.
Both machines were thoroughly scanned for rootkits, trojans, etc. with the results being a clean machine. The machine in the first instance was a spam new install from Lenovo and had only been used for a couple of days!
Short of outright accusing someone of sneaking keylogging code into this software, I do find it rather strange that two people, geographically separate, using totally different vendors, had such similar activity occur only a day or so after I used PCHelpWare to assist them.
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
PcHelpWare & fradulent credit card activity - a link?
Re: PcHelpWare & fradulent credit card activity - a link
pchelpware is not the problem. It is encrypted and password protected via the password you set. I would try to dig a little deeper to the cause. Is your pc clean as well?
Bevtech
Windows XP Home, Pro SP2, Windows 2003 SBS server SP2(EN), Windows Media Center Editon 2005,Windows Vista Home Prem.,Fedora Core 6,Win9X, PChelpware Rel 1.0,
UVNC V 1.0.8.2
User not developer..
Windows XP Home, Pro SP2, Windows 2003 SBS server SP2(EN), Windows Media Center Editon 2005,Windows Vista Home Prem.,Fedora Core 6,Win9X, PChelpware Rel 1.0,
UVNC V 1.0.8.2
User not developer..
-
Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: PcHelpWare & fradulent credit card activity - a link
1) In PcHelpware all data is encrypted via a 256bit encryption and key
is transffered protected by a 512 prime number. If you are using a repeater, he is not able to read the content, he just pass the data from a to b.
2) On the viewer PC, the keyboard is captured and send to the server PC.
On the server PC, the keys are executed. Unless you remote entered the credit card info on the server PC, it never has passed the internet.
My PC (@WORK) is behind a firewalls and running the
corporate version of McAfee. This PC got infected by a root kit via the
iexplorer. NO clicking to download anything, enter http:\\www.ddd.eee
and rootkit installed, McAfe disabled and other nasty stuff.
No rootkit scanner was able to detect anything, until i booted from another disk ( OS). Then i could clean the disk, but decided to reinstall
all, as to many files where added or modified.
Credit card fraud is handled as a crime, in both cases the ordered products need to be send to an address...as it where physical goods.
Country ?
is transffered protected by a 512 prime number. If you are using a repeater, he is not able to read the content, he just pass the data from a to b.
2) On the viewer PC, the keyboard is captured and send to the server PC.
On the server PC, the keys are executed. Unless you remote entered the credit card info on the server PC, it never has passed the internet.
My PC (@WORK) is behind a firewalls and running the
corporate version of McAfee. This PC got infected by a root kit via the
iexplorer. NO clicking to download anything, enter http:\\www.ddd.eee
and rootkit installed, McAfe disabled and other nasty stuff.
No rootkit scanner was able to detect anything, until i booted from another disk ( OS). Then i could clean the disk, but decided to reinstall
all, as to many files where added or modified.
Credit card fraud is handled as a crime, in both cases the ordered products need to be send to an address...as it where physical goods.
Country ?