Avast WEBforum

Topic started by: AlanHK on November 23, 2016, 07:20:32 PM

Title: Avast forum careless with emails; complicit in sending viruses
Post by: AlanHK on November 23, 2016, 07:20:32 PM
I'm not a loonie.

I create a unique email for every forum I join and today I received a virus sent to the email I only used to join this forum.
It was the usual crap:

Quote
Internet banking payment confirmation
Dear Customer
A payment has been made to your account. To view the details of the payment, please open the attached PDF file.

And the file was actually a zipped javascript file.

So either Avast is itself sending me viruses, or the forum was hacked and the logins of members were copied.

Really gives me great confidence in the product.


PS. Just checked my spam folder and found a dozen other spams to the same address since yesterday, with different stories but all with the same payload.

So, thanks a bunch Avast for being so careful with our data.
I've got dozens of different emails for logins on some very dubious sites, but they never send me any illegitimate mail.
Title: Re: Avast forum sending viruses
Post by: Pondus on November 23, 2016, 07:40:40 PM
Quote
So, thanks a bunch Avast for being so careful with our data.
Well you are wrong, email spoofing is the oldest trick in the book


Mail spoofing  >>  https://en.wikipedia.org/wiki/Email_spoofing

https://www.google.no/webhp?sourceid=chrome-instant&rlz=1C1JZAP_noNO713NO713&ion=1&espv=2&ie=UTF-8#q=mail%20spoofing

https://www.google.no/webhp?sourceid=chrome-instant&rlz=1C1JZAP_noNO713NO713&ion=1&espv=2&ie=UTF-8#q=how%20do%20spammers%20harvest%20email%20addresses


Title: Re: Avast forum sending viruses
Post by: Eddy on November 23, 2016, 07:41:07 PM
Just because you received mail on that address doesn't mean the email address was harvested from one of the databases from avast.
Title: Re: Avast forum sending viruses
Post by: Pondus on November 23, 2016, 07:42:42 PM
Quote
And the file was actually a zipped javascript file.
Upload the attachment to virustotal.com / metadefender.com / jotti.org

Then all members there will receive it and add a signature if it is not already detected

Title: Re: Avast forum sending viruses
Post by: Lotan on November 23, 2016, 09:46:45 PM
You were a member of Avast back in 2013, and in 2014 the Avast forums were hacked and data was taken, like emails. So that's how spammers would have got your email.
Title: Re: Avast forum sending viruses
Post by: Pondus on November 23, 2016, 10:36:16 PM
Quote
You were a member of Avast back in 2013, and in 2014 the Avast forums were hacked and data was taken, like emails. So that's how spammers would have got your email.
Not necessarily. I have a @1337.no mail account, which only exists in Norway and is rare even here.
I have never used that account for anything, so how did the spammers find it ???

Title: Re: Avast forum sending viruses
Post by: Eddy on November 23, 2016, 10:49:35 PM
Did my random email address generator with brute force A.I. technology really find it, Pondus? ;D
Title: Re: Avast forum sending viruses
Post by: Pondus on November 23, 2016, 10:56:37 PM
Quote
Did my random email address generator with brute force A.I. technology really find it, Pondus? ;D
Correct ;) an old and simple trick, they guessed it.
When I look at the header, it was sent out to probably a hundred different combinations of my name, and one was correct

Title: Re: Avast forum sending viruses
Post by: AlanHK on November 24, 2016, 03:03:24 AM
Quote
Just because you received mail on that address doesn't mean the email address was harvested from one of the databases from avast.
Yes it does, if this is the only place I ever use it.
In fact, I have never used the address to send from, and it's been years since it previously received any mail, when I registered at the forum.

The ONLY database that could contain it is here.

If the email provider was hacked, I'd be getting this spam from the hundreds of emails that I use at other forums and for other reasons. But it's ONLY from the address I created for Avast.

Got one more this morning. Again ONLY to the Avast address.


Quote
So, thanks a bunch Avast for being so careful with our data.
Well you are wrong, email spoofing is the oldest trick in the book
No. Spoofing has nothing to do with it.
The emails do not purport to be from Avast.
The issue is the TO address (i.e., my unique one only used for Avast), not the FROM address which anyone can fake.
Try reading a post past the subject line before replying.
I'll reword my headline, didn't want to be too verbose since it was all explained in the post, but I guess I went over some people's tl;dr limit.

Quote
Did my random email address generator with brute force A.I. technology really find it, Pondus? ;D
Correct ;) an old and simple trick, they guessed it.
When I look at the header, it was sent out to probably a hundred different combinations of my name, and one was correct
My address is 11 random characters. Would take trillions of tries.


Anyway, I knew I'd get a bunch of people who insisted it was my fault and that I'm a clueless idiot who doesn't know what an email address is. For anyone who isn't an evangelist, take care.
Title: Re: Avast forum sending viruses
Post by: CraigB on November 24, 2016, 06:40:18 AM
Quote
Anyway, I knew I'd get a bunch of people who insisted it was my fault and that I'm a clueless idiot who doesn't know what an email address is. For anyone who isn't an evangelist, take care.
You got it ;) cya :)
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: RejZoR on November 24, 2016, 08:23:14 AM
Ever thought the provider you're registering new email with is doing that? I mean, if you're making new emails with it freely for each registration, it means they need some sort of funding to run such free operation. Now, while you haven't posted which provider it is, I can't be excluding that option either.

Not to mention, believing an AV company would intentionally send malware to you via e-mail sounds like the dumbest conspiracy theory you can think of. AV companies have to constantly keep up their reputation with false positives and decisions around marketing of their products not to be too aggressive and you think they'd covertly be distributing malware to their users. Or selling out their e-mails. Hm?

Besides, not sure what's the point of having 5000 different e-mails for 5000 registrations for services. I have one address with GMail. Want to know how many malware I've received in last DECADE? None. Want to know how many spam messages landed in my Inbox in last decade? 2-ish. Maybe. So little I'm not even sure if it was really in this time span. But oh well... ¯\_(ツ)_/¯

Besides, I've seen similar years ago, far before GMail when I registered my first e-mail with my free dialup ISP (they only charged minute impulses, no monthly fee). I haven't used the e-mail anywhere and after some time I started receiving bulk e-mail not even physically addressed to me. Which brings me to my first paragraph. There probably is a connection. Intentional or unintentional by the e-mail/service providers.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: Eddy on November 24, 2016, 09:58:19 AM
AlanHK,

just because this webboard is the only place where you are using that email address still doesn't mean the spammer got it from avast.
It is not the only place your email address is stored.

And there is also the option to generate random names for email addresses and send a mail to all of them to see if someone clicks on a link in the mail.
Even when no one would click the link in the mail, the spammer will still know which email addresses exist and which ones do not.
If an email address doesn't exist, the mail server will send it back to the sender letting him know.

You can believe it or not, but the fact remains that the email address doesn't have to be taken from one of the databases that avast is using.

I suggest you login to https://my.avast.com and change your email address there.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: Pondus on November 24, 2016, 10:47:24 AM
Quote
My address is 11 random characters. Would take trillions of tries.
An email address generator would make a trillion in minutes and some will work

Posted in 1997, so spammers have improved their technique today
Spammers hit random addresses >> https://www.cnet.com/news/spammers-hit-random-addresses/


Quote
John Brogan, chief executive of ReplyNet, thinks he has found a disturbing new trend among junk emailers: sending out mailings to lists full of random email addresses.

He calls it "blind broadcasting," a practice in which spammers make up random email addresses in hopes of hitting upon a few legitimate ones. And he says it is costing his company thousands of dollars per year.



Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: bob3160 on November 24, 2016, 04:22:15 PM
We need to remember that once a smart person has made up their mind, it's very hard to get them to see the errors of their ways. After all, they have thought it all through and they must be right even when they are wrong.
Have a blessed Thanksgiving :)
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: AlanHK on November 25, 2016, 06:46:20 AM
Quote
AlanHK,
just because this webboard is the only place where you are using that email address still doesn't mean the spammer got it from avast.
It is not the only place your email address is stored.

The email provider has a few hundred of my email aliases.
The ONLY ONE that I am getting these spam/viruses from (another half dozen today) is the address I gave to register here.
The only other place this email address is stored is on my PC, and again, it is among hundreds of others.

I have not sent or received via this email since I registered in 2013.

So: either Avast leaked my email, or someone hacked Sneakemail or my PC, ignored all the other addresses in the same file, and extracted the Avast forum address, an address I have not used for three years.
Which is more likely?

I will trash the address and make a new one; that's why I use these aliases. And because it lets me know exactly who is responsible for any abuse of the address.

But I had hoped that someone here might give a shit.
Instead, you all can only think of how to discredit the facts I've reported.

Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: AlanHK on November 25, 2016, 06:58:00 AM
Quote
We need to remember that once a smart person has made up their mind, it's very hard to get them to see the errors of their ways. After all, they have thought it all through and they must be right even when they are wrong.
Have a blessed Thanksgiving :)
Okay Bob, instead of smug putdowns, can you answer these questions?:

Why am I only getting this spam to this address, and not one of the hundreds of others I use?
Who else has a record of this email address, but not any of the others I use?






Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: AlanHK on November 25, 2016, 07:19:47 AM
Quote
My address is 11 random characters. Would take trillions of tries.
An email address generator would make a trillion in minutes and some will work

Oh for God's sake. How the hell would it test them?

A spammer is going to send mail addressed to a trillion random addresses, 99.99999% of which will bounce?
That's a DDOS. Either 1) they'll crash the email server or 2) they'll get blocked. In neither case will more than a tiny proportion of their email get through.
Spammers don't do that, they buy huge lists of hacked names at less than a cent each.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: CraigB on November 25, 2016, 07:37:12 AM
As you seem to be the only person complaining about this then someone must have hacked the forum database, stole just your one email address and decided to spam their vendetta against you :)

Emails are guessed/copied all the time so no real surprise if one returns some spam now and again, computers are prone to being scanned for information as well so who's to say the information wasn't grabbed from your end :o as long as you don't reply to them then all is good, you can rest assured that Avast is protecting your information here and forum security has been much tighter since being breached in 2014 to which Avast also notified everyone of the breach and advised those to change login details.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: AlanHK on November 25, 2016, 08:03:54 AM
Quote
As you seem to be the only person complaining about this then someone must have hacked the forum database, stole just your one email address and decided to spam their vendetta against you :)

Or I'm the only one (of the half dozen who have read this) who uses a unique address for this forum and if you are getting this spam it was probably filtered out by GMail and in any case you could have no idea it is a result of your membership here.

Quote
Avast also notified everyone of the breach and advised those to change login details.

"breached in 2014"
I registered in 2013 and never got a notification of that.
 

So, when I go to my profile to change the email address -- it's impossible.

The login name IS the email address. No option to change it.
Quite likely that is why email addresses leak so easily.
Brilliant design Avast. People never have to change their email addresses.

Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: CraigB on November 25, 2016, 08:18:44 AM
As I said you're the only one with this issue, the forum security does a good job of protecting everyone.

Nothing else for me to add here.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: Eddy on November 25, 2016, 09:43:43 AM
Quote
The login name IS the email address. No option to change it.
Yes there is and I told you where it can be done already.
Quote
"breached in 2014" I registered in 2013 and never got a notification of that.
The mail was sent to everyone.
Perhaps you can't remember it, but that doesn't mean you weren't notified.
Things were also mentioned on the avast website and on this webboard.
If (and I say if because you still haven't proved it) the email address was retrieved during the hack of avast, you could (should?) have changed it over 2,5 years ago.

I created a real simple, not optimized code to generate random 11 character strings in basic.
On an old system (Athlon XP 2000+, 2Gb ram, running Windows 7), it takes about 2,6 seconds to generate 1.000.000 strings.
Do a little math and calculate how many strings a modern home-system (more cores, higher cpu clock, more memory, use of the GPU as well) can generate if the code was written in SSE2 (or a higher) instruction set...
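Code:
'' Set screen mode - Resolution: 1024x768 Bits: 32 Colors: 256k
Screen 20, 32

Dim As String r
Dim As Double t1, t2, t3

Randomize Timer   '' seed the generator so each run produces different strings
t1 = Timer()
Cls

'' Generate 1,000,000 strings of 11 random characters each
For f As Integer = 1 To 1000000
    r = ""        '' start a fresh string; without this r grows to 11,000,000 characters
    For g As Integer = 1 To 11
        '' character codes 32..159 (not limited to characters valid in an email address)
        r = r + Chr(32 + Int(Rnd * 128))
    Next g
Next f

t2 = Timer()
t3 = t2 - t1
Print t3          '' elapsed time in seconds
Sleep             '' wait for a key press before the window closes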
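
The "do a little math" step carried through, as an added example that is not part of the original post or thread. It uses the rate reported above (1.000.000 strings in 2,6 seconds) and assumes a 36-character alphabet (a-z, 0-9), because the thread only says "11 random characters"; the function names are hypothetical.

```python
import math

# Rate reported in the post above: 1,000,000 strings in about 2.6 seconds.
REPORTED_RATE = 1_000_000 / 2.6          # strings generated per second

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct local parts of exactly `length` characters."""
    return alphabet_size ** length


def years_to_enumerate(space: int, rate_per_s: float = REPORTED_RATE) -> float:
    """Years needed just to generate every candidate once at the given rate.

    This is a lower bound on the work: each candidate would also have to be
    sent to a mail server as a message, which is far slower than generating it.
    """
    return space / rate_per_s / SECONDS_PER_YEAR


def hit_probability(space: int, live: int, attempts: int) -> float:
    """Chance that at least one of `attempts` uniform random guesses matches
    one of `live` existing addresses: 1 - (1 - live/space) ** attempts.

    log1p/expm1 keep the result accurate when live/space is tiny.
    """
    return -math.expm1(attempts * math.log1p(-live / space))


if __name__ == "__main__":
    # Assumption: 11 characters drawn from a-z and 0-9 (36 symbols).
    space = keyspace(36, 11)
    print(f"keyspace: {space:.3e} candidates")
    print(f"full enumeration at the reported rate: {years_to_enumerate(space):,.0f} years")
    # One specific alias, a trillion random guesses against its domain.
    print(f"P(hit one alias in 1e12 guesses): {hit_probability(space, 1, 10**12):.2e}")
    # Same guesses against a domain holding a million live 11-character aliases.
    print(f"P(hit any of 1e6 aliases in 1e12 guesses): {hit_probability(space, 10**6, 10**12):.3f}")
```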
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: bob3160 on November 25, 2016, 04:02:34 PM
Quote
We need to remember that once a smart person has made up their mind, it's very hard to get them to see the errors of their ways. After all, they have thought it all through and they must be right even when they are wrong.
Have a blessed Thanksgiving :)
Okay Bob, instead of smug putdowns, can you answer these questions?:

Why am I only getting this spam to this address, and not one of the hundreds of others I use?
Who else has a record of this email address, but not any of the others I use?
That wasn't meant as a put down and your continued insistence only proves it.
Spam is a hit and miss thing so it's very simple to have one email address receive lots of spam and another receive almost none.
You're barking up the wrong tree but apparently aren't willing to realize it. None of us can convince you of that fact.
Any further posts are useless. There are actually users that have a problem and need assistance. This isn't one of those places.
Title: Re: Avast forum careless with emails; complicit in sending viruses
Post by: Pondus on November 25, 2016, 04:57:03 PM
Quote
Oh for God's sake. How the hell would it test them?
They don't test, they create random addresses and send out bulk mails to tens of thousands of addresses and hope some hit a live address

This is done automatically by computers / programs and not by a person sitting and doing this work, it is an automatic spam sending factory


Quote
Spammers don't do that, they buy huge lists of hacked names at less than a cent each.
Yes they do that also, they have more than one trick in their spam book


Spambot  >>  https://en.wikipedia.org/wiki/Spambot

Email address harvesting  >>  https://en.wikipedia.org/wiki/Email_address_harvesting