Message-ID: <20060618132339.B3FC.CARDOSOLISTAS@contraditorium.com>
Date: Sun Jun 18 17:25:48 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: Re: Forensics help - Outgoing email
There's a rogue version of Azureus full of trojans/adware, and it's a
PAID version. Also there are a few eMule scam sites with unofficial
versions.
On Sun, 18 Jun 2006 16:54:32 +0100
"Dave \"No, not that one\" Korn" <davek_throwaway@...mail.com> wrote:
D\ntoK> castellan2004-fd@...oo.com wrote:
D\ntoK>
D\ntoK> > Recently, I was introduced to the torrent network
D\ntoK> > (primarily because I wanted to download some Linux
D\ntoK> > distros). My curiosity made me download other audio
D\ntoK> > torrents to see the efficiency of the torrent network.
D\ntoK> > One thing I have noticed on my system is that there
D\ntoK> > is an email being sent out periodically to some system
D\ntoK> > (247.16.delicado.com.uy). When the email is being
D\ntoK> > sent out, the AVG Anti Virus is scanning the email, which
D\ntoK> > is how I found out about the delicado.com.uy system.
D\ntoK> > I do not know what is being sent out. Can the torrent
D\ntoK> > files compromise security on your system? Has my
D\ntoK> > system been compromised and become part of a bot
D\ntoK> > network? How do I find out what is causing this email
D\ntoK> > to go out? How do I fix this problem?
D\ntoK>
D\ntoK> One possible explanation is that one of the music files you downloaded
D\ntoK> wasn't actually an mp3 but a virus-infected exe, with a name like
D\ntoK> 'foo.mp3.exe' or 'foo.mp3
D\ntoK> .exe' that can easily slip past your notice if you aren't paying full
D\ntoK> attention. I suggest you run a full scan with AVG, and perhaps try out one
D\ntoK> or two of the on-line virus scanners as well.
D\ntoK>
D\ntoK> On the other hand, some versions of the torrent software are known to have
D\ntoK> been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot
D\ntoK> S'n'D as well?
D\ntoK>
D\ntoK> cheers,
D\ntoK> DaveK
D\ntoK> --
D\ntoK> Can't think of a witty .sigline today....
D\ntoK>
D\ntoK>
D\ntoK>
D\ntoK> _______________________________________________
D\ntoK> Full-Disclosure - We believe in it.
D\ntoK> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
D\ntoK> Hosted and sponsored by Secunia - http://secunia.com/
D\ntoK>
Allgemeinen Anschulterlaubnis
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com
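
The quoted reply describes executables disguised as audio files ('foo.mp3.exe', or the same name with padding before '.exe'). As an added triage example that is not part of either message, the Python sketch below flags such names in a download directory; the extension lists and the function names `classify_name` and `scan_tree` are assumptions made for illustration.

```python
import os
import re

# Assumed lists for illustration; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".mp3", ".wav", ".wma", ".ogg", ".avi", ".mpg", ".jpg", ".txt", ".pdf"}
# A run of whitespace pushes the real extension out of a narrow file listing.
PADDING = re.compile(r"\s{2,}")


def classify_name(filename):
    """Return the reasons a file name looks like a disguised executable."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return []
    reasons = []
    # 'foo.mp3.exe' and 'foo.mp3      .exe': drop padding, then read the inner extension.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in DECOY_EXTS:
        reasons.append("decoy extension %s before %s" % (inner_ext, ext.lower()))
    if stem != stem.rstrip() or PADDING.search(stem):
        reasons.append("whitespace padding before the real extension")
    return reasons


def scan_tree(root):
    """Walk a directory tree and yield (path, reasons) for suspicious names."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reasons = classify_name(name)
            if reasons:
                yield os.path.join(dirpath, name), reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from the poster's system.
    samples = ["foo.mp3", "foo.mp3.exe", "foo.mp3          .exe", "setup.exe", "notes.txt"]
    for s in samples:
        print(repr(s), "->", classify_name(s) or "ok")
```

A hit only means the name is disguised; the file still needs the antivirus and anti-spyware scans suggested in the thread.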