Full Disclosure mailing list archives

Re: Forensics help - Outgoing email


From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Sun, 18 Jun 2006 16:54:32 +0100

castellan2004-fd () yahoo com wrote:

Recently, I was introduced to the torrent network
(primarily because I wanted to download some Linux
distros).  My curiosity made me download other audio
torrents to see the efficiency of the torrent network.
 One thing I have noticed on my system is that there
is an email being sent out periodically to some system
(247.16.delicado.com.uy).  When the email is being
sent out, the AVG Anti Virus is scanning the email, which
is how I found out about the delicado.com.uy system.
I do not know what is being sent out.  Can the torrent
files compromise security on your system?  Has my
system been compromised and become part of a bot
network?  How do I find out what is causing this email
to go out?  How do I fix this problem?

  One possible explanation is that one of the music files you downloaded
wasn't actually an mp3 but a virus-infected exe, with a name like
'foo.mp3.exe' or 'foo.mp3 .exe' that can easily slip past your notice if
you aren't paying full attention.  I suggest you run a full scan with AVG,
and perhaps try out one or two of the on-line virus scanners as well.

  On the other hand, some versions of the torrent software are known to have 
been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot 
S'n'D as well?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
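
The disguised-file case described in the reply above, as an added example that is not part of the original post or of any tool it names: a Python check that flags download names like 'foo.mp3.exe', whitespace-padded variants, and media-named files that start with the 'MZ' executable signature. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumed extension lists for illustration; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MEDIA_EXTS = {".mp3", ".wav", ".ogg", ".wma", ".avi", ".mpg"}

def classify_name(name):
    """Flag names whose last extension is executable but which show a media extension first."""
    shown, _, ext = name.rpartition(".")
    inner = Path(shown.rstrip()).suffix.lower()  # extension the user sees first
    if "." + ext.lower() in EXECUTABLE_EXTS and inner in MEDIA_EXTS:
        return "padded-double-extension" if shown != shown.rstrip() else "double-extension"
    return None

def has_exe_header(path):
    # 'MZ' is the signature at the start of DOS/Windows executables.
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def scan(root):
    """Return sorted (relative path, reason) pairs for suspicious files under root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        reason = classify_name(path.name)
        # A plain media name can still hide an executable body.
        if reason is None and path.suffix.lower() in MEDIA_EXTS and has_exe_header(path):
            reason = "media-name-with-exe-header"
        if reason:
            findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)

def demo():
    exe = b"MZ\x90\x00"  # constructed stub, not a real program
    samples = {  # constructed names and contents, not real samples
        "album/track01.mp3": b"ID3\x03\x00",
        "album/foo.mp3.exe": exe,
        "album/foo.mp3" + " " * 6 + ".exe": exe,
        "album/bonus.mp3": exe,
        "tools/setup.exe": exe,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```
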

