Date: Sun Jun 18 17:25:48 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: Re: Forensics help - Outgoing email

There's a rogue version of Azureus full of trojans/adware, and it's a
PAID version. Also there are a few emule scam sites with unofficial
versions.

On Sun, 18 Jun 2006 16:54:32 +0100
"Dave \"No, not that one\" Korn" <davek_throwaway@...mail.com> wrote:

> castellan2004-fd@...oo.com wrote:
>
> > Recently, I was introduced to the torrent network
> > (primarily because I wanted to download some Linux
> > distros). My curiosity made me download other audio
> > torrents to see the efficiency of the torrent network.
> > One thing I have noticed on my system is that there
> > is an email being sent out periodically to some system
> > (247.16.delicado.com.uy). When the email is being
> > sent out, the AVG Anti Virus is scanning the email,
> > which
> > is how I found out about the delicado.com.uy system.
> > I do not know what is being sent out. Can the torrent
> > files compromise security on your system? Has my
> > system been compromised and become part of a bot
> > network? How do I find out what is causing this email
> > to go out? How do I fix this problem?
>
> One possible explanation is that one of the music files you downloaded
> wasn't actually an mp3 but a virus-infected exe, with a name like
> 'foo.mp3.exe' or 'foo.mp3 .exe' that can easily slip past your notice
> if you aren't paying full attention. I suggest you run a full scan with
> AVG, and perhaps try out one or two of the on-line virus scanners as well.
>
> On the other hand, some versions of the torrent software are known to have
> been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot
> S'n'D as well?
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Allgemeinen Anschulterlaubnis

Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
vida digital: http://www.contraditorium.com
site pessoal e blog: http://www.carloscardoso.com
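
The 'foo.mp3.exe' naming trick DaveK describes in the quoted reply, as an added example that is not part of the original thread: a Python scan of a download folder that flags media-plus-executable double extensions (with or without whitespace padding) and media-named files whose content starts with the DOS/PE "MZ" signature. The extension lists, sample file names and sample bytes are constructed for illustration.

```python
import os
import re
import tempfile

# Assumed extension lists for illustration; extend to suit your environment.
MEDIA_EXT = {"mp3", "wav", "ogg", "wma", "avi", "mpg"}
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}
# <name>.<ext1><optional whitespace padding>.<ext2> at the end of the file name
DOUBLE_EXT = re.compile(r"\.(\w+)(\s*)\.(\w+)\s*$")
PADDED = "foo.mp3" + " " * 20 + ".exe"  # constructed sample name

def classify(path):
    """Return the reasons a file looks like an executable posing as media."""
    reasons = []
    name = os.path.basename(path)
    m = DOUBLE_EXT.search(name)
    if m and m.group(1).lower() in MEDIA_EXT and m.group(3).lower() in EXEC_EXT:
        reasons.append("padded-double-extension" if m.group(2) else "double-extension")
    # DOS/PE executables begin with the bytes "MZ"; audio and video files do not.
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    with open(path, "rb") as fh:
        if ext in MEDIA_EXT and fh.read(2) == b"MZ":
            reasons.append("media-extension-with-MZ-header")
    return reasons

def scan(root):
    """Walk a download folder and map each suspicious file name to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            reasons = classify(os.path.join(dirpath, fname))
            if reasons:
                findings[fname] = reasons
    return findings

def demo():
    """Scan a temporary folder of constructed samples (names and bytes invented)."""
    samples = {
        "foo.mp3.exe": b"MZ\x90\x00",
        PADDED: b"MZ\x90\x00",
        "track.mp3": b"MZ\x90\x00",   # executable content under a media name
        "song.mp3": b"ID3\x03\x00",   # ordinary MP3 with an ID3 tag
        "setup.exe": b"MZ\x90\x00",   # honest executable name, not flagged
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)
```

Call `scan()` on the actual download directory to get the same report for real files; a hit is a reason to submit the file to the anti-virus scan suggested in the thread, not a verdict by itself.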