Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: AndrueC on October 14, 2009, 06:18:02 PM
-
Since yesterday I have had two spam emails sent to me at an address that only Avast should be using.
One was titled 'Latest PDF Reader with Activation Code' the other was 'New Tools For Your Google Earth Experience'.
I know that Avast is responsible because part of my anti-spam system is to give everyone I deal with a unique email address to contact me. Either Avast are selling their contact lists to third parties or else someone has gained access to their mailing lists.
Just to be clear here:I am not talking about their address being in the 'From:' field - I know they can be spoofed. I am talking about someone sending me email using an address that only myself and Avast are supposed to know about.
I take a very dim view of this situation however it has arisen. If someone from Avast wishes to contact me they can do so for the next week. After that the address goes on the black list.
-
I have several email addresses, some which haven't even been used yet and guess what some of them get spam.
It entirely depends on what the email address is as dictionary attacks are commonly used in the hope of hitting valid addresses. I have a couple of these type of addresses that weren't in the public arena, but they get spam ;D
One of my ISPs I frequently find spam emails coming with whole blocks of email addresses for email addresses of that ISPs user. My suspicion was that their databases were hacked and the emails harvested otherwise how would an email address get into the public arena where it might get harvested.
So there is more to this than meets the eye, the email address I use on the forums, gets very little spam and that has been around for some time and used in multiple locations. Alwil software doesn't divulge emails to third parties, I have been an avast user for five and a half years and haven't come across anything to suspect otherwise.
-
I get spam to accounts that are known only to me and the ISP. They were set up to reserve space for personal websites that have not been activated and have never been used. Are you using names that might be guessed via a dictionary attack? Did your ISP send you a welcome notice? I don't think my ISP is selling their customer list either, but somehow spammers have learned my address.
-
Hello AndrueC
there is no possibility of someone gaining access to avast's mailing lists. I too have many email ids. i'll not get even a single spam. my isp knows one of my email ids which is my most used id. then too I don't get any spams.
one of my forum friends, scott, said me that I have good browsing habits, thanks scott. ;) . I now know that he was not joking.
hope you have good browsing habits.
nmb
-
Sorry, no - nothing to do with my ISP. Until recently I was actually running my own mail server but now I rely on Thunderbird to filter out stuff based on the To: field using my domain provider's server.
It's based around a wildcard so I don't even have to configure things normally. My domain provider puts everything into one mailbox and I pull it down with Thunderbird. I have rules that delete anything where the To: field doesn't contain certain things or when it matches a known source of spam.
Although it's conceivable in this case that a dictionary attack would work it would be the most precise dictionary attack ever heard of. They just happened to pick the right words to match with an address that I gave out to Avast!
As a ficticous example:Suppose I told Avast to contact me at:
avast.wibble@fakedomain.com
What are the chances that a dictionary attack or a random spammer would pick that as an address to target?
In this case '.wibble@' is the security marker. Anything without at least that in the To field gets deleted immediately and never seen. So 'bill@fakedomain.com' is an immediate fail for example.
I know how much email my mailbox is getting and today it was 54 items - 52 of which were spam and deleted. No way in hell is this a dictionary attack. Either that or the perpretator should be playing the lottery!
As for good browsing habits:Even if I had lousy habits and was infected by trojans it still wouldn't explain where that address comes from. The address isn't stored by me. It's not going to be in my address book so can't be stolen. In fact until I add it to the blacklist it isn't stored anywhere on my system. The only place that should store it is Avast.
Nope. Just doesn't add up. It's either spam from Avast or someone else has gained access to the information.
-
Well it isn't spam from avast, what would they gain from it.
I and the others can only tell of our experiences of avast/Alwil Software. If you can't trust your security applications, who can you trust and why would you keep it.
Surely then the spam that is deleted because of the wibble failure wouldn't come from the email you gave avast as that would have it.
I'm sure you are aware that email also passes through multiple servers and unless encrypted it is possible it could get intercepted.
-
Hi,
Since yesterday now means today.
So of 54 emails received up to some time today
50 were spam not related to Avast
2 were supposedly connected with Avast
2 were genuine
To how many of your secret individual addresses were the 50 sent?
It hardly seems further comment is necessary?
My regards
-
How do spammers harvest email addresses ?
http://www.private.org.il/harvest.html
The Spam Experiment
http://www.philb.com/spamex.htm
E-mail spam
http://en.wikipedia.org/wiki/Spam_mail
-
never ever got spammed for giving an email address to a webforum, never ::) ...and I can hardly imagine Avast doing this.
-
***
Welcome to the forums, AndrueC. :)
You would be wise to consider all the above comments.
If what you are suggesting was true, don't you think this forum would be full of complaints? Do you not think those of us responding to you would also be complaining about such an action from avast?
Yet, you are the only one suggesting such a thing.
***
-
ALWIL Software DOESN'T send ANY spam and they are NOT related with ANY spam company.
-
Okay some more facts.
Of the emails rejected yesterday all were old, known blacklisted addresses. I've been running this system for nearly ten years now. It's not surprising (though a little sad) that over the years I've slowly built up a blacklist. There aren't many addresses on it (around a dozen now I think). I don't think I've updated the blacklist in over a year. So basically this unique address that only Avast and myself know exists (and frankly I'd forgotten about it) suddenly wakes up and becomes a new source of spam?
I subscribe to dozens of forums and have accounts with dozens of retailers and other organisations. I have a very active online life. So how come no other email addresses have gone bad recently?
Q)If what you are suggesting was true, don't you think this forum would be full of complaints?
A)No. Very few people use this kind of system. Most people use the same email address for all their contacts. To them these messages would just be typical spam that they have no practical way to trace. Furthermore most people because of this just ignore spam. It's something they've learned to live with. My system ensures that I almost never get spam and when I do I can trace it or at least immediately block it.
Q)never ever got spammed for giving an email address to a webforum, never
How do you know? See above Q/A. Actually though, neither have I. This email address wasn't used for a forum. It was used when I registered the software. I've only reused it on this forum when I opened the account to complain. So technically I'm not blaming the forum - I'm blaming the Avast registration system.
Q)Surely then the spam that is deleted because of the wibble failure wouldn't come from the email you gave avast as that would have it.
A)Eh? I don't think you've understood what I wrote. The 'wibble failure' was a general example of how my security system works that's all. Avast wouldn't use that address. Or at least not legitimately. They shouldn't be in the business of guessing at people's email addresses.
Q)I'm sure you are aware that email also passes through multiple servers and unless encrypted it is possible it could get intercepted.
A)When? Let's look at the sequence:
1.Sometime within the last year or so I have registered for their software using their website.
2.They would have sent me an email containing the licensing information.
3....time passes....
4.I get two spam emails using the address entered at (1).
When exactly do you think the 'leak' occurred? It's been many months since I registered for Avast and since I got the registration email the address should have been dormant. There'll be a record of it in my saved emails folder as part of the registration email but that's it. If that address has somehow been farmed from there then why not all the other addresses I have stored in saved messages? Why not all the addresses that are active?
Just how does a single address that has been used once and once only over six months ago suddenly gone active for spam?
I've just gone onto my provider's webmail system to check (thereby avoiding filtering) and it looks pretty normal. Half a dozen spams from known sources but basically quiet as normal. I am not under any form of dictionary attack. It's just the one unique address that only Avast should know about that has gone bad recently.
-
(off topic) Mind you having checked the raw input as it were it's educational. Most of the spam is targetting a personal address that was blacklisted because they got hit by a trojan. That ocurred many years ago. They've got married and had two kids since I blacklisted that address. Amazing to think that the address is still the target of spam after all these years. The other couple of addresses are for businesses I used to use. Interesting that those aren't as heavily targetted. Perhaps that's an indication that they sold the address list rather than having it stolen.
Presumably if it's a 'legitimate' sale it's seen as having value so doesn't get 'whored' around as much as one stolen by a trojan.
I guess time will tell if Avast's contact address goes the way of the trojan or remains a relatively low source of spam.
-
Once i had an e-mail from brand new ISP provider, i never used it, never told it to anyone and it was still getting junk on it. So your example proves nothing.
-
@AndrueC
I have to chime in to say, that I use 4 different email addresses for forums. *FOUR......the only one I get spam on is my gmail account (figures). That email account is not used here. I have absolutely no spam on the email account I use here, which is also the same email address I used to register my Avast! software.
So now what??
-
With GMail i don't even care about the spam. I never see it anyway :)
-
With GMail i don't even care about the spam. I never see it anyway :)
Yeah, I know....but it's still there in huge numbers everyday. lol
-
So what? ;D It's located in the Spam folder that i don't even check anymore. In all these years since GMail was first in beta, i got around 4 messages in Inbox folder. So thats nothing compared to other mail providers.
-
So what? ;D It's located in the Spam folder that i don't even check anymore. In all these years since GMail was first in beta, i got around 4 messages in Inbox folder. So thats nothing compared to other mail providers.
Agreed. :)
-
@AndrueC
There are 78006 Members here with probably about 100 active prticipants and you seem to be the only one complaining about spam from avast! so you should heed the advice of CharleyO.
In all the time I have used avast! I have never received spam from avast! to my email address I registered with.
I have the emails that I need to activate avast! and that's all.
-
@AndrueC
There are 78006 Members here with probably about 100 active prticipants and you seem to be the only one complaining about spam from avast! so you should heed the advice of CharleyO. .........
FTW!
-
Well @AndrueC
At least but not last,
Normally Spammer could gain and attacked the victim thru various ways :
1. Your IP Address from ISP, because the ISP has recognized as a black IP Address
2. DNS, if spammer could gain your domain server then their will be sent to you by every second spam
3. Human's error it is mean everyone should be ever submit or register at some famous forum or advertising forum. It wouldn't be ignored if spammer gain the information from them and blast the email to victim
4. Spammer could create a zombie at your internal user, and then the user as a zombie will blast the spam every second
5. Spammer could using your company's domain and then change the user name to blast to everyone
6. Spammer will always found the way to could attacks your mail server......
My suggest, your company should have Anti Spam Server/Gateway to filter all of your inbound/outbound mail address to avoid your domain recognize as violation email address and instead of that to filter each received email.
And i think each system have their weakness to control their data leaking. So far, i registered this forum under my company mail address doesn't received a lot spam, because we also implemented anti spam server at our mail server.
Regards,
Yanto Chiang
-
I agree with the others, I've never gotten spam from or via avast or its forums. Sorry, one exception, if I remember correctly; a year or two ago a new "member" here was spamming others very briefly, but vlk and others at alwil quickly took care of both that individual and improvements to their security setup here.
I've only got 2 email addys, my "main" one (which is what I use just about everywhere) on my ISP's POP server and one at Yahoo which is essentially a backup. My ISP's own "SpamGuard" service (they use the name generically since they've switched service providers a few times over the years) is excellent at filtering and quarantining stuff, and I might get all of two or three messages a month slip past that. And for those, I simply tell Thunderbird to treat them as junk.
There's almost no mail at the Yahoo addy, since I don't normally give that out, and Yahoo's so far been 100% effective at catching the rare (1 or 2 a day) spam that goes there.
So I don't bother with MailWasher or the like, I feel that I'm getting excellent protection from outside.
-
This will probably be my last post on the subject. I came here to try and warn/help Avast and their customers but I guess I've failed. Most of you don't even seem to understand the situation. But now that it's been several days since I first reported it I can try one last time be restating the situation.
I am not a company, I'm a private individual who happens to have his own domain. I'm not trying to harrass Avast or anything like that. I just feel that they (and perhaps you) need to be aware of this problem. I don't operate any anti-spam software. Nada. AVG scans emails for viruses but I haven't bothered with their spam offering. Everything that arrives at my domain initially gets put into a single mailbox on my domain provider's server. It is then filtered by Thunderbird based on the 'To:' field before being copied to my inbox.
For the past decade I have given each and every contact their own unique address to use for me. Even family members have their own assigned address. Even I have my own address for sending reminders from work. This address is based on a template so that anything random is easy to filter. Examples of this (using fake details of course are):
bill.wibble@fakedomain.com
john.wibble@fakedomain.com
avast.wibble@fakedomain.com
tesco.wibble@fakedomain.com
Anything that doesn't have .wibble@ in the To: field is deleted. This is a first line defense against dictionary attacks. It's highly unlikely that such an attack would contain the '.wibble@' marker. If run for long enough it might do but since I am currently averaging less than 60 incoming emails to my domain I am clearly not under attack.
Others have suggested that the address was trawled from my system by a trojan. The problem with that theory is that it doesn't make sense. These addresses are not stored in my address book. They can be found by trawling through received messages but what kind of bot would trawl through your email looking for addresses used to send you email? It's daft. If a bot has that much control it no longer cares about you. It wants addresses that you use for sending email out.
Others have suggested that the address was farmed while in use. Well that doesn't add up. First off it's only been used once (ignoring the spam) when I registered Avast earlier this year. It has been over six months since that time. How come other, far more active, addresses have not been farmed?
It's now several days since I reported this and no other address has been used to send me spam. My domain continues to receive less than 60 emails a day. All the addresses used were once given out by me so there's no dictionary attack at work.
So what we can say is that out of several dozen email addresses the only one that has started to be used for spam in the last year or is the one I gave to Avast. Or to put it another way:Out of the approximately 10,000 emails my domain has received since I registered AVG in the last year the only new source of spam is the address given to Avast over six months ago.
Looking at the example above. If 'avast.wibble@fakedomain.com' is the only address being used to send me spam and if 'fakedomain.com' is never getting email sent to it without the '.wibble@' marker - how do you explain it? Because whatever explanation you come up with has to explain what is so unique about 'avast.wibble@fakedomain.com' and there's only one thing that is obviously unique about it.
As for the advice - I don't need. I have added that address to my blacklist and I now receive no spam whatsoever. Nada. How many of you can claim the same without having to resort to anti-spam software? That's how effective my system is. It's not an original idea (I can't claim to have invented it) but it is a very effective system.
-
Hi,
I hope that is your last ever tediously long and boring post here.
The chances that you are right are close to zero.
It is doubtful that you read the references in the responses.
Thank you. I have my own fast, simple and effective strategies.
My regards
Please make your future posts brief
-
AndrueC,
I have two email addresses, a hotmail account set up years ago (which gets a little of the "regular" kind of spam for viagra, online games etc), and the one provided by my ISP. The latter is used for all dealings with Avast. I use no special spam filters, just reasonable care in who the address gets sent to. And a request to all friends who know that address to not forward "FW" messages with multiple recipients. (So, just the usual precautions.)
I have sent a few email messages to Avast, viruses, FP info etc, and reported spam on the forums as I see it, and when reporting spam, if the text field is used (which I do) the users' email address is revealed to moderators. This is also the address used to register for Avast.
I am into my fourth year of using Avast. In that time I have received two spam emails.
Two.
Wonder if I should be worried about this? ;)
-
***
I just thought of something that seems far fetched to me, but, perhaps it is what might be going on.
I did not read back through all of this thread so maybe I missed it or do not remember. But, I now wonder where AndrueC got his avast program from? Is the avast program he is using the true avast program or is it one of those fake avast programs. If it were one of those fake programs, that might explain why he is getting spam email.
***
-
@AndrueC
I did not read back through all of this thread so maybe I missed it or do not remember.
how do you get the fake domain id?. by entering your original email id. isn't it?. what if those guys who generate fake domain id, so that you can get the emails without revealing your original email id, are spamming?
nmb