The Wild Wild Web (WWW) is never short of scams. This morning, when a friend referred me to a website, www.gcgold.com, offering $20 USD e-gold for new account registration, I was hesitant, but chose to give it a try, out of being inquisitive.
The website looks every bit professional and convincing (many scam websites do), but do not fall for it.
Well, I registered, but did not enter my e-gold account details. It simply did not make sense to me. You claim to be offering an alternative e-currency, yet you are willing to pay me a bonus via another e-currency. It sounded fishy. So I thought, if gcGold was really going to pay me, they should pay into the new gcGold account I was creating.
The confirmation email soon arrived, but was delivered into the Yahoo! Spam folder. Hmmnn…
From gcGold.com Thu Dec 21 20:50:06 2006
X-Apparently-To:xxxxxxxx@yahoo.com via 206.190.48.127; Thu, 21 Dec 2006 20:50:09 -0800
X-YahooFilteredBulk: 67.15.250.2
X-Originating-IP: [67.15.250.2]
Return-Path:
Authentication-Results: mta465.mail.mud.yahoo.com from=; domainkeys=neutral (no sig)
Received: from 67.15.250.2 (EHLO serv01.siteground129.com) (67.15.250.2)
by mta465.mail.mud.yahoo.com with SMTP; Thu, 21 Dec 2006 20:50:09 -0800
Received: from gcgold by serv01.siteground129.com with local (Exim 4.63)
(envelope-from )
id 1GxcMA-00022C-NL
for [email protected]; Thu, 21 Dec 2006 22:50:06 -0600
To: [email protected]
Subject: Welcome to gcGold.com!
From: gcGold.com
Reply-to: [email protected]
Message-Id:
Date: Thu, 21 Dec 2006 22:50:06 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – serv01.siteground129.com
X-AntiAbuse: Original Domain – yahoo.com
X-AntiAbuse: Originator/Caller UID/GID – [32996 503] / [47 12]
X-AntiAbuse: Sender Address Domain – serv01.siteground129.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php signup.php
X-Source-Dir: gcgold.com:/public_html
Content-Length: 2088
Welcome to gcGold!
Congratulations Mr. Oluniyi !
You have successfully opened an account at gcGold.com,
the web’s PREMIER Online E-Currency Payments System!

YOUR ACCOUNT NUMBER
Your gcGold(R) Account Number is: 1058
PLEASE SAVE YOUR ACCOUNT NUMBER!
You will need this account number every time
you sign-in to gcGold.com.

ACCOUNT ACTIVATION
Please proceed to account activation page:
http://gcgold.com/activation.php?id=34b607a4fa68f349b916a4dd0649abab

At gcGold, we offer our customers a cutting-edge, global digital
e-currency system coupled with extremely low fees and the finest
personal service in the precious metals e-currency industry.
You are ALWAYS number one at gcGold.com and we are confident
you will want to make us your favorite choice for all your
e-currency needs.

Please review all of the following important information about
your new gcGold account.

———————————-
GCGOLD DEBIT CARDS
Worldwide ATM (and POS compatible), gcGold Debit Card
offers you the ultimate in convenience and true global e-currency!
Please visit our website at http://www.gcGold.com/debitcard.php
for further information. It takes just a few minutes to complete
the simple online application.

PASSWORDS
If you forget your password, please go to our FORGOT PASSWORD link and
follow the directions. After we receive your e-mail, an gcGold
Customer Service representative will telephone you as soon as
possible to assign a new password to your account.

gcGold support personnel and customer service employees are NEVER
permitted to ask you for your password under any circumstances. If
anyone, anywhere, ever asks you for your account password, you should
immediately suspect fraud and report it to our Customer Assistance
department [email protected] at once.

BEWARE OF FRAUDULENT EMAILS
Please be advised that you may receive e-mails (that appear to be from
gcGold Support or Administration) asking you to sign into your
account to “verify” or update it; or a notice may say that your account
has been “targeted for fraudulent activity” and you must sign into your
account before it is deactivated; or e-mails will say that “your
account has been flagged” and will be put on immediate freeze status
unless you sign in and update it, etc. etc, etc..

BEWARE OF FRAUDULENT E-MAILS THAT APPEAR TO BE FROM GCGOLD
MANAGEMENT OR DOMAIN! NEVER CLICK ON ANY E-MAIL LINKS THAT ASK YOU TO
SIGN INTO YOUR GCGOLD ACCOUNT FOR ANY REASON.

HOW IT WORKS: Criminal hackers and thieves now bombard digital currency
holders with increasingly sophisticated, fraudulent e-mails that
contain all manner of malevolent tricks to try and capture your password
and perhaps steal your digital currency. One common method is to send you
an e-mail with a link that takes you to false “dummy” web pages that
appear to be identical in all ways to the genuine website (such as our
gcGold sign-in page) but are actually PHONY shadow web site
pages– NOT on the gcGold website at all. When you innocently type in
your password, a malicious program records your keystrokes and steals
your account number and password.

The Internet is still a new frontier and is vulnerable to exploitation
and scams. Electronic thieves have routinely attacked eBay, Amazon.com,
AOL and all the major banking web sites for years. Almost all Internet
server names have been used for this scam as well. PLEASE REMEMBER:
GCGOLD WILL NEVER SEND YOU AN EMAIL ASKING YOU TO CLICK ON A LINK TO
SIGN INTO YOUR ACCOUNT FOR ANY REASON! Be smart and delete any e-mails
like this that you may receive.

From all of us at gcGold, thank you again and welcome aboard!
Warm Regards,
gcGold Company Inc.
www.gcGold.com
[email protected]

—————————————–
You will receive this e-mail one time only. Please do not respond to
this auto-generated e-mail. If you require personalized service, please
sign into your account and send a secure message through the
Message Center or e-mail us at [email protected]
Account #1058? That implies that about a thousand people have fallen already! Waoh!!
The crux of the matter is that, after clicking on the confirmation link, a page displays, saying:
Please generate your private registration key using PE-Token Software.
Follow this simple instruction:
– Run PE-Token software on your computer. No installation needed.
– Enter your Account ID number.
– Press “Generate Registration Key” button.
– Copy-Paste it into box below.
The scamming is about to begin. 🙂
I downloaded the software and followed the instructions above. (I am not that naive with using the Internet.) Promptly, my AVG Anti-virus software detected a Trojan horse in the System32 folder of Windows. (Here we come :-d) I promptly deleted the Trojan horse, as well as the petoken.exe I had hitherto downloaded. I then used the anti-virus software to scan my PC again. It still detected another Trojan, called Generic2.GDZ.
I did some investigation and came up with this:
gcGold.com is acting like they are the new payment processor on the market. They offer various bonuses (see 2 of their e-mails down this mail) and are advertising very big. However, they don’t really have a payment system; if you sign up you will be asked to install their verification technology, PE-token.
This is where 2 Trojan horses are hidden; everything you send over the Internet will also be sent to GCgold.com. Also, their site has no real payment system; if you try to log in this will not work because there is no real site. However tempting their offer may seem, don’t take it; it will only harm your computer and you may lose all your money on e-gold, PayPal and other payment processors.
As at this morning, this is what the gcCard homepage looked like. See the snapshot below:
Server Data
Server Type: Apache/1.3.37 (Unix)
IP Address: 208.186.220.55
IP Location: United States – Minnesota – Lakeville – Bluehost.com
Response Code: 200
Blacklist Status: Clear (history)
SSL Cert: www.gcgold.com expires in 267 days
Website Status: Active
Registry Data
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 2006-09-02
Expires: 2007-09-02
Registrar Status: clientDeleteProhibit
Whois Server: whois.godaddy.com
Name Server: NS1.BLUEHOST.COM
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: GCGOLD.COM
Created on: 02-Sep-06
Expires on: 02-Sep-07
Last Updated on:
Administrative Contact:
Private, Registration Whois Privacy and Spam Prevention by DomainTools.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax — (480) 624-2599
Why would any genuine financial company use shared hosting and anonymous domain registration? Food for thought.
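The headers of the confirmation e-mail quoted earlier already show the shared-hosting origin this question points at. As an added example (not part of the original post), this Python script pulls those triage signals out of a constructed subset of the quoted headers; the example.com addresses and the `triage` helper are assumptions, and the output is a set of signals to weigh, not a verdict.

```python
import re
from email import message_from_string

# Constructed sample: a subset of the header lines quoted in the post. The
# addresses the page shows as stripped are replaced by example.com placeholders.
SAMPLE = """\
Authentication-Results: mta465.mail.mud.yahoo.com from=; domainkeys=neutral (no sig)
Received: from 67.15.250.2 (EHLO serv01.siteground129.com) (67.15.250.2)
 by mta465.mail.mud.yahoo.com with SMTP; Thu, 21 Dec 2006 20:50:09 -0800
Received: from gcgold by serv01.siteground129.com with local (Exim 4.63)
 for user@example.com; Thu, 21 Dec 2006 22:50:06 -0600
To: user@example.com
Subject: Welcome to gcGold.com!
From: gcGold.com <noreply@example.com>
X-Source-Args: /usr/bin/php signup.php
X-Source-Dir: gcgold.com:/public_html

(body omitted)
"""


def triage(raw: str, brand: str) -> dict:
    """Extract sender-origin signals from a raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    # Unfold each Received header so patterns can match across line breaks.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # The topmost hop was written by the recipient's MTA: the IP is what it saw,
    # the EHLO name is only what the sending server claimed.
    m = re.search(r"from (\S+) \(EHLO ([\w.-]+)\)", hops[0]) if hops else None
    relay_ip, relay_host = (m.group(1), m.group(2).lower()) if m else (None, None)
    in_brand = relay_host is not None and (
        relay_host == brand or relay_host.endswith("." + brand))
    return {
        "unsigned": "domainkeys=neutral" in auth or "no sig" in auth,
        "relay_ip": relay_ip,
        "relay_host": relay_host,
        "relay_outside_brand": relay_host is not None and not in_brand,
        # "with local" means the message was handed to Exim by a process on the
        # same box, here the PHP script named in X-Source-Args.
        "local_submission": any(" with local " in h for h in hops),
        "script": msg.get("X-Source-Args"),
        "docroot": msg.get("X-Source-Dir"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE, "gcgold.com").items():
        print(f"{key}: {value}")
```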
Thanks, Niyi, for this great piece. I just hope many people will not, because of desperation for money, lose the ones they have now.
When you register to gcgold, they “give” you a token, petoken.exe.
When you run that software, 2 trojans will be installed on your system.
I did forget the names of the trojans, but what is installed is this:
tdll.dll
webvw32.dll
As I said, these are trojans!!!!
I did run the application “sandboxed”, that is, in Sandboxie.
The application wanted to open a DOS box (cmd.exe); I just wonder why.
I did deny it; a “token” was generated for me, but I could NOT log in.
I contacted [email protected] and I received a message saying:
“This is the Postfix program at host smtpint.worldispnetwork.com.
I’m sorry to have to inform you that your message could not be
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
: host minnesota.worldispnetwork.com[216.218.232.133] said:
550 sorry, no mailbox here by that name (#5.1.1) (in reply to RCPT TO
command) ”
So, now we all know what to think and do.
Scan your PC for the DLLs mentioned above, or do a virus scan.
Great!
Thanks for the info .. I will spread this through my traders community
I’ve reported it to Godaddy and Hurricane Electric! Hope it helps
Thanks for the info .. Like ‘Nm.Untara’ I will also spread this to both my friends and trade community