lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun Jun 18 16:54:53 2006
From: davek_throwaway at hotmail.com (Dave "No, not that one" Korn)
Subject: Re: Forensics help - Outgoing email

castellan2004-fd@...oo.com wrote:

> Recently, I was introduced to the torrent network
> (primarily because I wanted to download some Linux
> distros).  My curiosity made me download other audio
> torrents to see the efficiency of the torrent network.
>  One thing I have noticed on my system is that there
> is an email being sent out periodically to some system
> (247.16.delicado.com.uy).  When the email is being
> sent out, the AVG Anti Virus is scanning the email,
> which
> is how I found out about the delicado.com.uy system.
> I do not know what is being sent out.  Can the torrent
> files compromise security on your system?  Has my
> system been compromised and become part of a bot
> network?  How do I find out what is causing this email
> to go out?  How do I fix this problem?

  One possible explanation is that one of the music files you downloaded 
wasn't actually an mp3 but a virus-infected exe, with a name like 
'foo.mp3.exe' or 'foo.mp3 
.exe' that can easily slip past your notice if you aren't paying full 
attention.  I suggest you run a full scan with AVG, and perhaps try out one 
or two of the on-line virus scanners as well.

  On the other hand, some versions of the torrent software are known to have 
been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot 
S'n'D as well?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



Powered by blists - more mailing lists