Full Disclosure mailing list archives
Re: Re: Forensics help - Outgoing email
From: Cardoso <cardosolistas () contraditorium com>
Date: Sun, 18 Jun 2006 13:25:37 -0300
There's a rogue version of Azureus full of trojans/adware, and it's a PAID version. Also there are a few emule scam sites with unofficial versions.

On Sun, 18 Jun 2006 16:54:32 +0100 "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com> wrote:

> castellan2004-fd () yahoo com wrote:
>
> > Recently, I was introduced to the torrent network
> > (primarily because I wanted to download some Linux
> > distros). My curiosity made me download other audio
> > torrents to see the efficiency of the torrent network.
> > One thing I have noticed on my system is that there
> > is an email being sent out periodically to some system
> > (247.16.delicado.com.uy). When the email is being
> > sent out, the AVG Anti Virus is scanning the email, which
> > is how I found out about the delicado.com.uy system.
> > I do not know what is being sent out. Can the torrent
> > files compromise security on your system? Has my
> > system been compromised and become part of a bot
> > network? How do I find out what is causing this email
> > to go out? How do I fix this problem?
>
> One possible explanation is that one of the music files you downloaded
> wasn't actually an mp3 but a virus-infected exe, with a name like
> 'foo.mp3.exe' or 'foo.mp3 .exe' that can easily slip past your notice
> if you aren't paying full attention. I suggest you run a full scan with
> AVG, and perhaps try out one or two of the on-line virus scanners as well.
>
> On the other hand, some versions of the torrent software are known to have
> been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot
> S'n'D as well?
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Allgemeinen Anschulterlaubnis
Cardoso <cardoso () pobox com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com
personal site and blog: http://www.carloscardoso.com
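The disguised names mentioned in the quoted reply ('foo.mp3.exe', or a media name with whitespace before the real extension) can be checked for mechanically in a download directory. The script below is an added example, not code from anyone in this thread; the extension lists, the three-character padding threshold and the function names are assumptions chosen for illustration.

```python
import os
import sys

# Extensions Windows runs on double-click (common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Extensions a downloader expects for harmless content (assumed decoy list).
DECOY_EXTS = {".mp3", ".wav", ".ogg", ".wma", ".avi", ".mpg", ".jpg", ".txt", ".iso"}


def classify(filename):
    """Return why a file name looks like a disguised executable, or None."""
    stem, ext = os.path.splitext(filename.lower())
    if ext not in EXECUTABLE_EXTS:
        return None
    trimmed = stem.rstrip()  # drops the padding in 'foo.mp3      .exe'
    inner_ext = os.path.splitext(trimmed)[1]
    if inner_ext in DECOY_EXTS:
        return "padded-double-extension" if trimmed != stem else "double-extension"
    if len(stem) - len(trimmed) >= 3:
        return "whitespace-padding"  # padding pushes the real extension out of view
    return None


def scan(root):
    """Walk root and return sorted (path, reason) pairs for suspicious names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = classify(name)
            if reason:
                hits.append((os.path.join(dirpath, name), reason))
    return sorted(hits)


if __name__ == "__main__":
    # With no argument, classify a few constructed sample names instead.
    if len(sys.argv) > 1:
        for path, reason in scan(sys.argv[1]):
            print(f"{reason}: {path!r}")
    else:
        for sample in ["foo.mp3", "foo.mp3.exe", "foo.mp3      .exe", "setup.exe"]:
            print(f"{sample!r}: {classify(sample)}")
```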
Current thread:
- Forensics help - Outgoing email castellan2004-fd (Jun 17)
- Re: Forensics help - Outgoing email Dave "No, not that one" Korn (Jun 18)
- Re: Re: Forensics help - Outgoing email Cardoso (Jun 18)
- Re: Forensics help - Outgoing email Dave "No, not that one" Korn (Jun 18)