| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e73svq$4cl$1@sea.gmane.org>
Date: Sun Jun 18 16:54:53 2006
From: davek_throwaway at hotmail.com (Dave "No, not that one" Korn)
Subject: Re: Forensics help - Outgoing email
castellan2004-fd@...oo.com wrote:
> Recently, I was introduced to the torrent network
> (primarily because I wanted to download some Linux
> distros). My curiosity made me download other audio
> torrents to see the efficiency of the torrent network.
> One thing I have noticed on my system is that there
> is an email being sent out periodically to some system
> (247.16.delicado.com.uy). When the email is being
> sent out, the AVG Anti Virus is scanning the email,
> which
> is how I found out about the delicado.com.uy system.
> I do not know what is being sent out. Can the torrent
> files compromise security on your system? Has my
> system been compromised and become part of a bot
> network? How do I find out what is causing this email
> to go out? How do I fix this problem?
One possible explanation is that one of the music files you downloaded
wasn't actually an mp3 but a virus-infected exe, with a name like
'foo.mp3.exe' or 'foo.mp3
.exe' that can easily slip past your notice if you aren't paying full
attention. I suggest you run a full scan with AVG, and perhaps try out one
or two of the on-line virus scanners as well.
On the other hand, some versions of the torrent software are known to have
been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot
S'n'D as well?
cheers,
DaveK
--
Can't think of a witty .sigline today....
Powered by blists - more mailing lists