lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20060618132339.B3FC.CARDOSOLISTAS@contraditorium.com>
Date: Sun Jun 18 17:25:48 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: Re: Forensics help - Outgoing email

There's a rogue version of Azureus full of trojans/adware, and it's a
PAID version. Also there are a few emule scam sites with unnoficial
versions.





On Sun, 18 Jun 2006 16:54:32 +0100
"Dave \"No, not that one\" Korn" <davek_throwaway@...mail.com> wrote:

D\ntoK> castellan2004-fd@...oo.com wrote:
D\ntoK> 
D\ntoK> > Recently, I was introduced to the torrent network
D\ntoK> > (primarily because I wanted to download some Linux
D\ntoK> > distros).  My curiosity made me download other audio
D\ntoK> > torrents to see the efficiency of the torrent network.
D\ntoK> >  One thing I have noticed on my system is that there
D\ntoK> > is an email being sent out periodically to some system
D\ntoK> > (247.16.delicado.com.uy).  When the email is being
D\ntoK> > sent out, the AVG Anti Virus is scanning the email,
D\ntoK> > which
D\ntoK> > is how I found out about the delicado.com.uy system.
D\ntoK> > I do not know what is being sent out.  Can the torrent
D\ntoK> > files compromise security on your system?  Has my
D\ntoK> > system been compromised and become part of a bot
D\ntoK> > network?  How do I find out what is causing this email
D\ntoK> > to go out?  How do I fix this problem?
D\ntoK> 
D\ntoK>   One possible explanation is that one of the music files you downloaded 
D\ntoK> wasn't actually an mp3 but a virus-infected exe, with a name like 
D\ntoK> 'foo.mp3.exe' or 'foo.mp3 
D\ntoK> .exe' that can easily slip past your notice if you aren't paying full 
D\ntoK> attention.  I suggest you run a full scan with AVG, and perhaps try out one 
D\ntoK> or two of the on-line virus scanners as well.
D\ntoK> 
D\ntoK>   On the other hand, some versions of the torrent software are known to have 
D\ntoK> been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot 
D\ntoK> S'n'D as well?
D\ntoK> 
D\ntoK>     cheers,
D\ntoK>       DaveK
D\ntoK> -- 
D\ntoK> Can't think of a witty .sigline today.... 
D\ntoK> 
D\ntoK> 
D\ntoK> 
D\ntoK> _______________________________________________
D\ntoK> Full-Disclosure - We believe in it.
D\ntoK> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
D\ntoK> Hosted and sponsored by Secunia - http://secunia.com/
D\ntoK> 

Allgemeinen Anschulterlaubnis
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ