Avast WEBforum

Other => General Topics => Topic started by: exocet on March 30, 2012, 05:45:42 AM

Title: Spam on my email address soley used here.
Post by: exocet on March 30, 2012, 05:45:42 AM
I have just received Spam on the email address used in here only, the email address doesn’t exist as its a forward address to a collection address, it has never, and cannot be used to send mail. Therefore the weak link is this forum. So perhaps Avast exec or website manager would care to explain this.

I say again, this is an email address that is a forwarder only, has never cannot be used to send mail. This is done for the specific purpose of knowing where a weak link is when Spam is received on a given email address. I do not allow other users to contact me in this forums.

I attach the Spam email in raw form for your perusal. I am not impressed!

Title: Re: Spam on my email address soley used here.
Post by: Muad'Dib on March 30, 2012, 06:00:13 AM
exocet,

I got the same spam email (also sent to a forum unique address), I already posted about this in another thread.

I'd suggest you change your forum email address (and disable your current one), especially since your attachment includes your forum address for anyone to download and see.

Title: Re: Spam on my email address soley used here.
Post by: exocet on March 30, 2012, 06:17:17 AM
exocet,

I got the same spam email (also sent to a forum unique address), I already posted about this in another thread.

I'd suggest you change your forum email address (and disable your current one), especially since your attachment includes your forum address for anyone to download and see.

Thank you, I did that already before I even posted, I run a forums using the same core software this forum uses.

You can check out this post on my forums by clicking here (http://tgsquad.com/Scripts/smf/index.php/topic,2589.0.html).

Now we will see how long it takes before my new email forwarder unique to this forum gets breached.
Title: Re: Spam on my email address soley used here.
Post by: AdrianH on March 30, 2012, 06:43:52 AM
This has nothing to do with avast. I have the same spam on a reserved email address that has never been used anywhere at avast.

The same complaint has been seen of late on several forums I use and people automatically think it MUST be the sites fault.  Fact is spam can be sent to domains where no email account has ever been set up, I have 3 domains where the mail system has never been used, BOTS however are programmed to locate domains and find a usable name to forward their junk and crap is received.
Title: Re: Spam on my email address soley used here.
Post by: exocet on March 30, 2012, 06:54:01 AM
That may well be true but my domain has had no bots probe email addresses, I cannot say too much but I will know instantly if an email address received a probe, again it is not an email address its a trap for a forward.

That’s all I’m saying, only one other forums leaked my email and others but that was down to and idiot admin who decided to reveal email addresses. But this is not probed as it doesn’t exist and cannot respond to a mail request.

Title: Re: Spam on my email address soley used here.
Post by: Muad'Dib on March 30, 2012, 07:17:44 AM
Both exocet and I received identical emails to our avast! forum only email addresses on the same night. And the same night, the user Stalka (who started a similar thread) also received spam to his avast forum only address (I don't know the content's of Stalka's email, so I can't confirm if it's identical or not). The only place my email could have been detected is from the avast! forum. The domain is used solely for email, and the email addresses used are not stored there (they are primarily unique addresses for various uses - forums, merchant sites, etc.). And I have also not received the same spam to any other email address - only to my avast! forum one. To me this clearly points to someone/thing having access to the forum's email list.

Now given the topic of the spam, I'm sure a lot of people may have this automatically blocked by their ISPs, so they may never know if they received one. But I predict that more forum users will be soon be posting messages similar to the ones exocet and I have posted.
Title: Re: Spam on my email address soley used here.
Post by: tbessie on March 30, 2012, 09:13:23 AM
I also have received spam emails (not related to antivirus products, either) from the email address I use ONLY for this forum.  I believe I may also have received spam emails to the email address I use for my Avast account itself.

Not very encouraging for a security company, huh?

- Tim
Title: Re: Spam on my email address soley used here.
Post by: tbessie on March 30, 2012, 09:20:16 AM
This has nothing to do with avast. I have the same spam on a reserved email address that has never been used anywhere at avast.

The same complaint has been seen of late on several forums I use and people automatically think it MUST be the sites fault.  Fact is spam can be sent to domains where no email account has ever been set up, I have 3 domains where the mail system has never been used, BOTS however are programmed to locate domains and find a usable name to forward their junk and crap is received.

I have my own domain, and specifically tag each email address I supply with the name of the party to whom I am supplying it.  A "dictionary attack" spam (where they try many addresses at a given domain) wouldn't be likely to generate these specific strings that are ONLY provided to certain parties (forums or other accounts).

This has happened with even big-name companies - for example, I provided the Wall Street Journal and United Airlines with special tagged emails that only they had, and I received spam on them.

Happily, I have received spam on these tagged emails rarely, so they are likely instances of employees of the companies stealing the mailing lists, the companies themselves having an internal policy of selling them, or third party hackers getting hold of the user databases.

Man-in-the-middle attacks can happen (capturing packets, capturing routed emails, etc.), but I would be seeing a LOT more spam on these tagged emails if that were happening frequently, so I tend to hold the people I gave the email address to (eg. this forum, etc.) accountable for its lack of security.

- Tim
Title: Re: Spam on my email address soley used here.
Post by: DPAvaster on March 30, 2012, 09:32:04 AM
I have also received today 2 spam messages to my email account that was used for registration to this forum in 2009.
The email address is not used anywhere else and so it identifies Avast forums as the source.
I would like to know if Avast sells email address lists to 3rd parties.   As has been said before, this is not impressive !!!!
Title: Re: Spam on my email address soley used here.
Post by: Asyn on March 30, 2012, 10:07:00 AM
1. I have also received today 2 spam messages to my email account that was used for registration to this forum in 2009. The email address is not used anywhere else and so it identifies Avast forums as the source.
2. I would like to know if Avast sells email address lists to 3rd parties.

1. I can't confirm the reports posted here...!!!
I had a look at my mails, on my local spam folder and even on my ISP's spam folder. Nothing related there.
2. Certainly not..!!!
Title: Re: Spam on my email address soley used here.
Post by: davegm on March 30, 2012, 11:15:30 AM
I too have received 3 spam emails within the past day or so to an email address used to register with Avast in 2007 and later used to register with this forum, but not used for any other purpose.
Title: Re: Spam on my email address soley used here.
Post by: bioxx750 on March 30, 2012, 11:31:04 AM
1. I can't confirm the reports posted here...!!!

Means absolutely nothing

2. Certainly not..!!!

How would you know?

BTW,  2 emails this morning to the address I only use here, both marked as spam but the sender must be known to the AV I use coz they both got flagged as phishing attempt as well.
Title: Re: Spam on my email address soley used here.
Post by: DavidR on March 30, 2012, 11:49:14 AM
@ exocet
I have received spam on address that haven't even been used anywhere before (just created).

But what doesn't help is the attachment you have posted has your email address in it, so I would suggest you remove the attachment.

These are publicly available forums that no doubt email harvester bots would scan, so another area is your email address showing in public (forum profile settings, Allow users to email me), if it was even for a limited time that too could be a source. But your settings currently don't allow that so there is no email icon displayed (only you and moderators can see the email icon).

That said the new forum software doesn't directly display your email address, but it could potentially be harvested, if you have the Allow users to email me, it could be manually harvested.
Title: Re: Spam on my email address soley used here.
Post by: Asyn on March 30, 2012, 11:52:13 AM
1. I can't confirm the reports posted here...!!!

Means absolutely nothing

Well, that's my personal experience. :P
If I should get such mails in the future, I'll let you know.
Title: Re: Spam on my email address soley used here.
Post by: IWRConsultancy on March 30, 2012, 01:16:40 PM
Me too, today.

I imagine the problem is nothing to do with Avast itself but with the forum software. Many forum coders (and CMS website coders) are ostriches with their heads firmly stuck in buckets of sand when it comes to the issue of address harvesting.

http://spamwise.org has some tools which can help locate such vulns.
Title: Re: Spam on my email address soley used here.
Post by: chocholo on March 30, 2012, 01:24:39 PM
I can say on behalf of AVAST Software, that we are not selling any e-mail addresses and that we are running the latest available version of the forum software.
Title: Re: Spam on my email address soley used here.
Post by: exocet on March 30, 2012, 03:25:20 PM
I can say on behalf of AVAST Software, that we are not selling any e-mail addresses and that we are running the latest available version of the forum software.

1. Nice PR reply to something that was never stated (selling email addresses), it has been clearly stated Phishing and email harvesting is the cause,, if you care to read the original comments you would know this, or perhaps your reply is a deliberate deflection. If I sound hostile it is because of lack of care over this security issue.

2. My profile has been set to never show email or anyone to contact me except the admin.

3. The latest Version is far from immune form spammers and harvesters, it is the added security issues and diligence by the webmaster that prevents this. I have vast long term experience with Simple Machines Software. It would be safe to say I know this software inside out and to use the term "we are running the latest available version of the forum software" is no comfort as not only are you hiding the version number but the latest software is not safe enough on its own to combat Spam.

This is a subject I am passionate about, the security of my users on my forums (also the very latest available), but if you knew the additions put in place and the education the moderators have received, my users personal information is obviously more secure than here.

Title: Re: Spam on my email address soley used here.
Post by: DavidR on March 30, 2012, 03:32:18 PM
Re 1. you may not have mentioned it, but DPAvaster certainly did in Reply #8.
Title: Re: Spam on my email address soley used here.
Post by: exocet on March 30, 2012, 04:08:20 PM
One of the things my own company thrives on is, "what we do about your problem/query" what I have constantly said to others companies, "Its not the fact its broken that will impress or anger me, its what you do about it that will impress or anger me".

So far I'm not impressed.

As an aside

Me too, today.

I imagine the problem is nothing to do with Avast itself but with the forum software. Many forum coders (and CMS website coders) are ostriches with their heads firmly stuck in buckets of sand when it comes to the issue of address harvesting.

http://spamwise.org has some tools which can help locate such vulns.


The Spamwise site get a 403 from my website and an error 22 on their error system (whatever that is), I looked for their meaning of error 22 and gave up after a few clicks looking for its meaning. However http error code 403 is a "forbidden request", this means even if the request was a legitimate probe/request it was denied by the server (my domain).

Yes the software is responsible for the security issues, but Avast are responsible for the control and security of the software and the impact it has on its users. The blame and burden of responsibility falls firmly on their shoulder of Avast.

So perhaps I should have been clearer in the first instance, so here goes. You have a security breach on your forums, I and others are receiving Spam gleaned from addresses on these forums, what are you going to do about it?

Title: Re: Spam on my email address soley used here.
Post by: Gargamel360 on March 30, 2012, 05:53:25 PM
Hmmm, I just looked, and there is a "lonely girl" trying to contact me in my gmail SPAM folder.

It no 100% confirmation or anything, since I do not have a separate email for every purpose.   But the law of coincidence can only stretch so far.
"Its not the fact its broken that will impress or anger me, its what you do about it that will impress or anger me".
So far I'm not impressed.
  ::)   It has not even been 24 hours, did you expect a klaxon alarm, with a full armed response? 
Yes the software is responsible for the security issues, but Avast are responsible for the control and security of the software and the impact it has on its users. The blame and burden of responsibility falls firmly on their shoulder of Avast.
Avast! does not make SMF, so apart from the responsibility of running the latest version, how does the any blame fall to them?  Now, if this continues, then you might have something.
Title: Re: Spam on my email address soley used here.
Post by: curious! on March 30, 2012, 07:13:41 PM
"I happen to be hunting for a dude to hook up with!!! answer back for pic quickly!"

"i'm seeking a male to be able to hookup with!!!"

just arrived in my inbox. First mails to this address for about 9 months. Never use it for anything other than Avast!.

Just for your information.  :)

Title: Re: Spam on my email address soley used here.
Post by: essexboy on March 30, 2012, 07:55:58 PM
There may well be a security breach within the forum software, as I received 3 in my spam folder.  Didn't check the address though I just binned them

But the same starter "lonely girl"

I know they are using the same forum software at G2G and they are moving away from it as it is easily breached and is always getting  little bugs

Definitely require a review of the software
Title: Re: Spam on my email address soley used here.
Post by: FreewheelinFrank on March 30, 2012, 08:12:55 PM
Hmmm....

Same here in my Hotmail spam tray today.

Quote
i'm just searching for a gentleman to hookup with!!! respond back for photo right now!‏

From:   Lonely Girl
Title: Re: Spam on my email address soley used here.
Post by: penfold on March 30, 2012, 11:15:40 PM
I too received a "Lonely Girl" e-mail to an address that is specifically and only associated with this forum!!!!

I do hope that avast take this very seriously, identify the leak, correct the problem and notify all affected users as soon as possible - otherwise we are talking about huge amounts of credibility that is at stake (and a big customer loss)!!

mb
Title: Re: Spam on my email address soley used here.
Post by: exocet on March 31, 2012, 01:04:49 AM
Big customer loss is the order at my company for 10am meeting on Monday, if I have no reasonable response then we shall be not longer selling or supporting our customers using Avast internet security.

This may not be important to some people, but my company and gaming squad website are very serious about customer support and security.

My gaming squad website enjoys around 250 phishing, comment spamming, SQL injection, and dictionary attacks each week using exactly the same core software this forum uses. I am proud to say NO ONE GETS SPAMMED as a result of being registered on our site.

Looking at the trace form the Spam that seems to be hitting this forum it would have been stopped by our forums.

I have just logged into the gaming squad forums and its enjoyed 276 hack attempts since midnight Sunday 25th March GMT, this log is purged around midnight each Sunday (GMT)

So I know this software can be made far more secure than it apparently is here.

Time is running out AVAST, we sell approx 20 copies of your software a week and support it ourselves to our users.

http://tgsquad.com
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on March 31, 2012, 07:56:16 AM
FWIW, I had just two email addresses hit.  One was the email address I setup for my FlyingRobot account here, the other was an email address I setup just to register the avast program a long time ago.  This later one I *might* have used in this forum at one point a long time ago, I'm not sure.
Title: Re: Spam on my email address soley used here.
Post by: AdrianH on March 31, 2012, 08:21:29 AM
Oh dear is this still winding people up? It is SPAM FLOODING and the addresses are just bot generated.

These messages are being received all over the net and are not restricted to users here.  I have seen this and other spam flooding to plenty of addresses. I know of a company system that is purley for internal use but the domains there are receiving this garbage to the catchall address.

My ISP provides a small hosting package for free, my domain there has seen spam , I have never set anything up using that domain, I have nothing  running there and have never set up an email account yet "Lonely Girl" has been sent to the catchall there.

I run a closed forum, not accessible to the public, no bots/crawlers ever get access and members need a 16 character password to enter, the control panel is locked down to one IP address and the server is drilled down and firewalled, the admin and bounce addresses have seen this message and members are seeing it arrive at various email addresses they have.

Over at vbulletin.com the members only forum is seeing the same "you have sold our email addresses /the server has been breached" complaints ( which it hasn't)  the same is happening elsewhere, there really is nothing unique here.
Title: Re: Spam on my email address soley used here.
Post by: tbessie on March 31, 2012, 09:09:20 AM
Oh dear is this still winding people up? It is SPAM FLOODING and the addresses are just bot generated.

These messages are being received all over the net and are not restricted to users here.  I have seen this and other spam flooding to plenty of addresses. I know of a company system that is purley for internal use but the domains there are receiving this garbage to the catchall address.

...

That may well be, but, once again, we're not talking about random, Dictionary-attack style email addresses. We're talking about specific email addresses created for use for specific services we provide them to.  For example, if I give my email address to avast, I give them THIS_EMAIL_COMES_FROM_AVAST@mydomain.com.  If I give it to Best Buy, I give them BEST_BUY_SENT_ME@mydomain.com (or something along those lines).

For those SPECIFIC email addresses to be used as spamming address, a random, dictionary, or even educated-guess style email-address generating bot is VERY unlikely to come up with them, especially if the only time I get a given spam is to an address I specifically supplied to a service or forum, but I don't get those spams to any catchall on my domain.

I assure you that if an email makes it to THIS_EMAIL_COMES_FROM_AVAST@mydomain.com, then that same email will make it to ABCDEFG@mydomain.com, because by the time it reaches the step in email processing on my ISP's servers, it's already passed their spam filters and made it to my procmail filter.

So... are you claiming that the above sorts of email addresses are just randomly generated, or did you mean to say that these bots are using code injection, etc. to extract valid email addresses provided to the forums, for example, as has been suggested?

- Tim
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on March 31, 2012, 09:18:47 AM
Actually, it doesn't matter whether the same or similar spam is being delivered to other email addresses as it is more often than not a case of general spamming rather than a narrowly targeted type of spam or exploit aimed at a specific group of individuals.  What matters is things such as:

1) To whom the email address has been disclosed.  Those who give out different email addresses to different entities can recognize an email address leak when others cannot.
2) The uniqueness of the email address and how difficult it would be to guess.  Spammers will often try common names/terms and also the same less common ones at different domains.  So when giving out unique email addresses it is best to make them highly unique and ideally very obscure and random. 
3) Whether the email address was acquired before you created it.  Those who have controlled their own domain names and email servers for a very long time have an advantage in terms of knowing whether they are re-using an email address that was used before and thus possibly harvested by a spammer.
4) Whether the other user's systems used to store/process the email address in question have been kept secure including against fishing for valid email addresses.  Paying attention to which email addresses get hit, and which don't, can give you a clue as to whether that was the case.
5) Logs, logs, logs!  While those who don't have them will forever be left guessing, those who do have them turned on will be able to make rational calls.  Did the client connect to their mail server and initiate a dictionary attack?  Did the client only target one specific email address amongst very many?
6) Whether multiple, clueful parties are reporting evidence of an email address leak

Which is a brief educational snippet way of saying: someone should be taking these reports seriously and looking into ways in which our email addresses may have been compromised on their end.

Title: Re: Spam on my email address soley used here.
Post by: AdrianH on March 31, 2012, 10:25:36 AM
Oh dear is this still winding people up? It is SPAM FLOODING and the addresses are just bot generated.

These messages are being received all over the net and are not restricted to users here.  I have seen this and other spam flooding to plenty of addresses. I know of a company system that is purley for internal use but the domains there are receiving this garbage to the catchall address.

...

That may well be, but, once again, we're not talking about random, Dictionary-attack style email addresses. We're talking about specific email addresses created for use for specific services we provide them to.  For example, if I give my email address to avast, I give them THIS_EMAIL_COMES_FROM_AVAST@mydomain.com.  If I give it to Best Buy, I give them BEST_BUY_SENT_ME@mydomain.com (or something along those lines).


- Tim

That is exactly what the bot programmers know and do. They find a domain and then try from a list of male then female names, then application lists, online seller lists etc.   So they look at avast@ domain.com then Avira/Eset/Commodo etc.etc.

I used to have a server where I had a different email address for every account I set up on the net and yes I got spam to specific addresses and have seen spam to my addresses where the company I had purchased from no longer existed .

Title: Re: Spam on my email address soley used here.
Post by: Stalka on March 31, 2012, 01:38:43 PM
That is exactly what the bot programmers know and do. They find a domain and then try from a list of male then female names, then application lists, online seller lists etc.   So they look at avast@ domain.com then Avira/Eset/Commodo etc.etc.

Are you trolling? Do you honestly believe an email harvester will RANDOMLY arrive at an email address such as 20060809_forums.avast.com_stalks@domain.com

E-mail harvesting via repeated failed attempts to a domain doesn't happen that often. I manage an ISP with over 3000 domains served by a Postfix installation. We use fail2ban (http://www.fail2ban.org/) to scan logs for repeated failed delivery attempts. I get an e-mail whenever an IP is banned. For that particular rule I get an e-mail once a week or less.

Please give it up, you are just creating unnecessary noise.
Title: Re: Spam on my email address soley used here.
Post by: Straydog on March 31, 2012, 05:19:15 PM
To start, you can take the previous complaints as my own because I couldn't agree better.

I post here the e-mail I sent to Avast's PR, frink@avast.com, only obfuscating my e-mail address.


It is unbelievable. Avast forum does not allow communication with its administrator. Well, this clearly shows how the administrator is hiding from being accused of what is considered criminal actions or procedures.

I registered on that forum about two years ago (can't remember exactly when). As you probably know, Yahoo mail offers the possibility of having disposable mail addresses, so that we can use individual different addresses for different contacts. That is what I do when I register anywhere. When I registered at the Avast forum I used (name)-at@yahoo.co.uk. I haven't given that address to anyone else. Therefore, no one else in the world could write to me using that address apart from Avast forums or someone to whom that address would be given by Avast or stolen from Avast.

Now, I am starting receiving spam on that address, like the two attachments. Now that is started, it is no going to finish. Clearly, Avast sold or otherwise gave away my e-mail address or allowed it to be stolen, and it is not even possible to tell the forum administrator because forum registered users are not allowed to send messages to him.

I want to know what you are going to do about this proven dishonesty. Just thinking of it: you make programs to fight spam and you are feeding spammers yourselves!



I don't attach here the e-mails sent to frink@avast.com because they would reveal my address.

From what we can read on the following thread, this occurrence is not a new one of its kind. Maybe there are many more, but I didn't search for.
http://forum.avast.com/index.php?topic=49786.0
Title: Re: Spam on my email address soley used here.
Post by: spg SCOTT on March 31, 2012, 05:34:29 PM
Hi straydog,

I will not comment on the reasons as to why/how this is happening, since I (a) have yet to receive such spam, (b) don't know the full story of what is going on. All I can say is that I have been watching for the spam myself, and also reading the threads on the subject.


To start, you can take the previous complaints as my own because I couldn't agree better.

I post here the e-mail I sent to Avast's PR, frink@avast.com, only obfuscating my e-mail address.


It is unbelievable. Avast forum does not allow communication with its administrator. Well, this clearly shows how the administrator is hiding from being accused of what is considered criminal actions or procedures.

<snip>

I will however comment on this.

You can contact the (one of the ) forum admin, in fact he has asked for it (albeit in another thread):
http://forum.avast.com/index.php?topic=96437.msg769084#msg769084

You may want to forward the email to him as well, just for completeness.

It is also possible to search for them here too. (use by position). It is also possible for personal messages to be sent to him, however you possibly may not be able to due to restrictions on newer members, including profile limitations such as personal messaging. (to avoid PM spamming - Yes, I see the irony of the situation)

He has asked for information, and so is aware of the situation and is investigating.

Just trying to clear up what I can, and I hope that this will be resolved soon :)

Scott
Title: Re: Spam on my email address soley used here.
Post by: exocet on March 31, 2012, 08:47:02 PM
Oh dear is this still winding people up? It is SPAM FLOODING and the addresses are just bot generated.

These messages are being received all over the net and are not restricted to users here.  I have seen this and other spam flooding to plenty of addresses. I know of a company system that is purley for internal use but the domains there are receiving this garbage to the catchall address.

...

That may well be, but, once again, we're not talking about random, Dictionary-attack style email addresses. We're talking about specific email addresses created for use for specific services we provide them to.  For example, if I give my email address to avast, I give them THIS_EMAIL_COMES_FROM_AVAST@mydomain.com.  If I give it to Best Buy, I give them BEST_BUY_SENT_ME@mydomain.com (or something along those lines).


- Tim

That is exactly what the bot programmers know and do. They find a domain and then try from a list of male then female names, then application lists, online seller lists etc.   So they look at avast@ domain.com then Avira/Eset/Commodo etc.etc.

I used to have a server where I had a different email address for every account I set up on the net and yes I got spam to specific addresses and have seen spam to my addresses where the company I had purchased from no longer existed .

If that being the case then I should be getting Spam from many addresses, I DON’'T, only one, the one used for AVAST, this is the first Spam I have had in 11 years.

Those who know me, know to use BCC if the you want to multi email, when anyone does not comply I remove the mail address and never give them a new address. One person who never did learn did this to me three times after being told, I won't divulge what I did, but they do now regret that.

At the end of the day it is not Spam generally all over the net, its Spam arising from this forums database. This issue is exacerbated by the apparent lack of care or concern by Avast, as previously stated the clock is ticking.


Title: Re: Spam on my email address soley used here.
Post by: tbessie on March 31, 2012, 09:06:31 PM
That is exactly what the bot programmers know and do. They find a domain and then try from a list of male then female names, then application lists, online seller lists etc.   So they look at avast@ domain.com then Avira/Eset/Commodo etc.etc.

I used to have a server where I had a different email address for every account I set up on the net and yes I got spam to specific addresses and have seen spam to my addresses where the company I had purchased from no longer existed .

I'm still quite doubtful - I've been tagging my email addresses for years (more than 10), and on the occasional case when I get spam directed to the address, very rarely a dictionary/random address, but much more frequently the specific one I used.

Call it a hunch, or a guess based only on long years of experience (since I don't know exactly how the spammers got/generated the address), but I have a very strong feeling, informed by all these years and stats, that when I get emails to these specific addresses, it comes from someone having the specific email, and not from smart bots that are using their AI go guess.  They might be using their AI to scrape addresses from sites, but I don't think guessing is happening here.

Just my thoughts. :-)

- Tim
Title: Re: Spam on my email address soley used here.
Post by: essexboy on March 31, 2012, 09:09:31 PM
Have you received any more or was it just a one off ?
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on March 31, 2012, 09:09:55 PM
I haven't had any spam from this or any other forum and am active in a few.  :)
Title: Re: Spam on my email address soley used here.
Post by: Gargamel360 on March 31, 2012, 09:30:06 PM
I just checked my box....have not received any more yet.
Title: Re: Spam on my email address soley used here.
Post by: tbessie on March 31, 2012, 09:44:45 PM
Have you received any more or was it just a one off ?

Just one this time 'round, though I have received many on a previously registered Avast forum address.  They had come in bursts before, and seem to have died down.

- Tim
Title: Re: Spam on my email address soley used here.
Post by: VicVegas on March 31, 2012, 10:03:55 PM
Really? This is such a big deal? >:(

Compared to my reasoning for leaving Kaspersky this is just silly. Though seeing as even the free version of Avast! is vastly superior to KAV, I may just be especially forgiving.

Also I specifically registered last night and have not received anything from "Lonely Girl" just thought I'd mention that. Heck I've got this e-mail registered to a bunch of different sites and I've never gotten any spam, so maybe I'm just lucky. Or perhaps it's because my e-mail is neither a real word nor a jumble of numbers, I don't know.

Have you tested other AV forums for this as well?
Title: Re: Spam on my email address soley used here.
Post by: YoKenny on March 31, 2012, 11:55:21 PM
I haven't had any spam from this or any other forum and am active in a few.  :)
No spam for me also!
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on March 31, 2012, 11:58:44 PM
One important question is whether 1) this is only affecting email addresses in the forum database,  or 2) whether it is [also] affecting email addresses shared with avast via other mechanisms.  My impression after going through this thread is that there is no useful evidence of #2.  If anyone has useful evidence of #2, please report it here in very clear terms.

FWIW, I do have some reason to doubt #2 and it is this:  I use recipient-unique, time-limited throw-away email addresses for software registrations and forum registrations.  My older avast-specific email address which was hit, which I think I might have once used in the forum, was for some reason tagged incorrectly and thus it was not automatically deactivated.  What I realize today is that in the past I used several other email addresses *just when registering avast software*.  Those were properly deactivated, but I found them today and thus could double check my logs to see if they were a RCPT TO within the past year or so.  None of them were.  This "two of two avast forum email addresses were targeted,  zero of two avast registration only email addresses were targeted" is non-conclusive but I consider it a good sign.

Title: Re: Spam on my email address soley used here.
Post by: tbessie on April 01, 2012, 12:20:49 AM
One important question is whether 1) this is only affecting email addresses in the forum database,  or 2) whether it is [also] affecting email addresses shared with avast via other mechanisms.  My impression after going through this thread is that there is no useful evidence of #2.  If anyone has useful evidence of #2, please report it here in very clear terms.

FWIW, I do have some reason to doubt #2 and it is this:  I use recipient-unique, time-limited throw-away email addresses for software registrations and forum registrations.  My older avast-specific email address which was hit, which I think I might have once used in the forum, was for some reason tagged incorrectly and thus it was not automatically deactivated.  What I realize today is that in the past I used several other email addresses *just when registering avast software*.  Those were properly deactivated, but I found them today and thus could double check my logs to see if they were a RCPT TO within the past year or so.  None of them were.  This "two of two avast forum email addresses were targeted,  zero of two avast registration only email addresses were targeted" is non-conclusive but I consider it a good sign.

As for myself, I first registered for Avast with a throw-away Yahoo email address, and can't recall which one Avast has for me now (since I've re-registered); also at first, I used the same address for both Avast and Avast Forum registrations, so I couldn't be sure which one came from which.

Now that I have reregistered, and have separate emails for Avast and Avast Forum, I'm sure I'm getting the spam on the Avast Forum address, but unsure about the Avast account address.  I will have to check what its set to be now.

- Tim
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 12:35:19 AM
One important question is whether 1) this is only affecting email addresses in the forum database,  or 2) whether it is [also] affecting email addresses shared with avast via other mechanisms.  My impression after going through this thread is that there is no useful evidence of #2.  If anyone has useful evidence of #2, please report it here in very clear terms.

FWIW, I do have some reason to doubt #2 and it is this:  I use recipient-unique, time-limited throw-away email addresses for software registrations and forum registrations.  My older avast-specific email address which was hit, which I think I might have once used in the forum, was for some reason tagged incorrectly and thus it was not automatically deactivated.  What I realize today is that in the past I used several other email addresses *just when registering avast software*.  Those were properly deactivated, but I found them today and thus could double check my logs to see if they were a RCPT TO within the past year or so.  None of them were.  This "two of two avast forum email addresses were targeted,  zero of two avast registration only email addresses were targeted" is non-conclusive but I consider it a good sign.

As for myself, I first registered for Avast with a throw-away Yahoo email address, and can't recall which one Avast has for me now (since I've re-registered); also at first, I used the same address for both Avast and Avast Forum registrations, so I couldn't be sure which one came from which.

Now that I have reregistered, and have separate emails for Avast and Avast Forum, I'm sure I'm getting the spam on the Avast Forum address, but unsure about the Avast account address.  I will have to check what its set to be now.

- Tim

It's a little odd that you who haven't done a lot of posting on this forum should be singled out for spam and someone like
myself who has an abundant amount of posts and some one who makes no attempt  at hiding anything haven't received any Spam from here or any of the other forums I occasionally visit. ???
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 01, 2012, 01:02:48 AM
It's a little odd that you who haven't done a lot of posting on this forum should be singled out for spam and someone like
myself who has an abundant amount of posts and some one who makes no attempt  at hiding anything haven't received any Spam from here or any of the other forums I occasionally visit. ???

Yes it is, but what possible explanations are there? 

1) The spammer only harvested some email addresses and/or hasn't gotten around to emailing all of the ones they have. 
2) An attempt was made to hit your email address but a rule caught it and put it into a spam folder which you don't check.  Have you carefully checked such folders?
3) An attempt was made to hit your email address but a rule caught it and simply blocked or subsequently deleted it without your knowledge.  Do you run your own email server?  Do you know exactly how spam is filtered via static and dynamic rules?  Can you check the logs to see if an attempt was made?  Most don't have full visibility into such things and thus while they might know whether a spam was received they can't rule out that an attempt was made.

Note: I'm leaving some others out which I personally consider to be eliminated already, such as the idea that each user's email address was captured through an exploit targeting their browser/system. 
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 01:08:40 AM
Sorry but I always check my Spam Folder for possible misdirected emails.



Quote
Do you know exactly how spam is filtered via static and dynamic rules?  Can you check the logs to see if an attempt was made?  Nearly everyone doesn't fall into this category and thus their not see a spam isn't a reliable datapoint so to speak.


I think I've been around the block a few times and can recognize a Spamming Attack if one happened.  ;D
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 01, 2012, 01:17:02 AM
You failed to comment on the key question, which is whether you run or otherwise have core access to your email server and have the ABILITY to SEE everything you need to in order to make such a call.  Do you?  If you are using any major web mail provider, ISP, etc you don't.
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 01:23:28 AM
Since I primarily use gmail, you're correct I don't.
That doesn't change the fact that I've not received any spam as a result of being
a member of this forum.



Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 01, 2012, 01:45:18 AM
Since I primarily use gmail, you're correct I don't.
That doesn't change the fact that I've not received any spam as a result of being a member of this forum.

Your not having full visibility into your email server configuration and logs calls that "fact" into question.  Furthermore, have you always given the avast forum a unique email address that you've used no where else?
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 01:53:34 AM
The answer is NO and to me this is a dead issue.
I have never been spammed as I've already mentioned.

We can continue with additional non meaningful replies or simply leave this to the Mods.
Which is exactly what I intend do do.

Title: Re: Spam on my email address soley used here.
Post by: tbessie on April 01, 2012, 02:56:47 AM
Since I primarily use gmail, you're correct I don't.
That doesn't change the fact that I've not received any spam as a result of being a member of this forum.

Your not having full visibility into your email server configuration and logs calls that "fact" into question.  Furthermore, have you always given the avast forum a unique email address that you've used no where else?

I think this is a very valid question.

For example, my situation is that, while I don't run my own email server, my ISP allows me to set the level of ferocity of their spam filtering software (I haven't checked if they let me view their logs of attempted spams that were completely filtered out, blacklisted, etc.).

My ISP also puts emails it is not 100% sure are spam into a 'graymail' box, so that I can examine them.  In this case, the filters didn't catch it.

Also, once mail gets past the spam and graymail filters, I have a large number of procmail filters that are applied, sorting emails into about 20 different mailboxes based on various rules - from, to, subject, indirectly-sent (eg. mailing list or BCC), etc.  That way, I quickly can find suspect emails, or emails in mailboxes that have nothing to do with the associated email address.  Since I tag EVERY email address I give out, pretty much, I find any spams to specific email addresses very quickly.

I think the above set of conditions provides a lot of visibility into what's happening to my email addresses, short of running my own mail server.  There are probably quite a few emails I don't ever see that are caught by my ISP's (very good) spam filters, of course.

In any case, though we may not have convinced Bob that our emails have been stolen/sold/harvested/hacked or otherwise gotten by something other means than a dictionary-style hack, I maintain that it is likely that it has.  From things folks have said here, it's likely some sort of injection on known insecurities in this forum software, or an inside job by an untrustworthy employee (unless we want to believe that Avast would risk its reputation purposefully, which I do doubt they would).

- Tim
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 01, 2012, 04:26:01 AM
The answer is NO and to me this is a dead issue.
I have never been spammed as I've already mentioned.

Thank you for answering those questions.  Given this NO to the last question, I think we've established that you lack the *information* necessary to make a "I've never been spammed as a result of giving this forum my email address" call.  Because you don't use recipient unique email addresses, you lack the ability to assess from where spammers acquire your email address.  Because you don't know the intimate details of how your server is configured and can't check the appropriate logs, you can't rule out that your email address(es) have been a spam target.  Please forgive me for pressing this point, it is nothing personal, but it IS important.

It would be interesting to know if anyone who is setup and watching for email address leaks *hasn't* had their avast forum email address hit *as confirmed by their server logs*.
Title: Re: Spam on my email address soley used here.
Post by: AdrianH on April 01, 2012, 08:13:41 AM
One important question is whether 1) this is only affecting email addresses in the forum database,  or 2) whether it is [also] affecting email addresses shared with avast via other mechanisms.  My impression after going through this thread is that there is no useful evidence of #2.  If anyone has useful evidence of #2, please report it here in very clear terms.

FWIW, I do have some reason to doubt #2 and it is this:  I use recipient-unique, time-limited throw-away email addresses for software registrations and forum registrations.  My older avast-specific email address which was hit, which I think I might have once used in the forum, was for some reason tagged incorrectly and thus it was not automatically deactivated.  What I realize today is that in the past I used several other email addresses *just when registering avast software*.  Those were properly deactivated, but I found them today and thus could double check my logs to see if they were a RCPT TO within the past year or so.  None of them were.  This "two of two avast forum email addresses were targeted,  zero of two avast registration only email addresses were targeted" is non-conclusive but I consider it a good sign.

You missed out 3)   the same spam message is being received at email addresses that have NEVER been used in connection with avast ......... which it is.
Title: Re: Spam on my email address soley used here.
Post by: CraigB on April 01, 2012, 09:31:42 AM
Seems very strange that only a limited number of fairly new forum members are recieving this spam, i myself have recieved general spam not related to avast but similar to what others have mentioned here in content so it could just be random i believe and the other point to look at is did any of these new members have there email showing when they first joined the forum  ??? as if so they would have been easly harvested.
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 01, 2012, 01:23:22 PM
Seems very strange that only a limited number of fairly new forum members are recieving this spam... did any of these new members have there email showing when they first joined the forum  ???
I don't think this is affecting only fairly new forum members/addresses.  IIRC, several have reported having older avast only email addresses just hit (myself included).  I've seen numerous posters claim their forum email address was hit and three claims that their forum email address wasn't hit.  Problem is, none of the one's claiming their email address wasn't hit backed that up with the right words you would want to hear before you put weight on it.  So I don't think we can at this point assume that a limited number of forum member email addresses were affected. 

FWIW, I always immediately walk through the settings of a forum account and make adjustments as necessary.  I'm certainly not one that would opt to have their email address shown or allow email from members.  What's interesting though is that I've recently come across some past messages which suggest that at some point in time *the default* was to show or make revealable your email address.  I can't remember that.  I can't even imagine anyone allowing such a default to occur or continue.  I've since, recently, gone back into my settings to double check them.  I can't find a hide or show email address option.  What I do see is the "Allow users to email me" option, unchecked, which the help page describes as: Allow users to email me - A member may choose to allow other members to contact them via email. The forum does not reveal the member's e-mail address, but instead provides a contact form.".  However, I tried clicking on someone's email icon and it did display their email address in the contact form.  So at least in some cases there appears to be an easy way to harvest an address.

I just went back over the thread.  I don't see any email addresses displayed for anyone, and I only see one member (avast IT crowd) with the email icon (and whose address I can reveal by clicking on their email icon).  This makes me inclined to doubt that those reporting a hit were hit due to their email address being harvested in such a simple way.  I'd like to see something more to back up that idea before buying into it.
Title: Re: Spam on my email address soley used here.
Post by: essexboy on April 01, 2012, 04:09:46 PM
OK a final question to kill this dead...  Apart from the initial spam  have you received any further ones ?

If the answer is no then to me it appears a targeted attack just to get this sort of rubbish clogging the forums and producing distrust.

So who has received any spam after that first burst... Anyone ?

Will a spammer stop at just one shot ?
Title: Re: Spam on my email address soley used here.
Post by: curious! on April 01, 2012, 04:26:04 PM
Seems very strange that only a limited number of fairly new forum members are recieving this spam, i myself have recieved general spam not related to avast but similar to what others have mentioned here in content so it could just be random i believe and the other point to look at is did any of these new members have there email showing when they first joined the forum  ??? as if so they would have been easly harvested.

Just for the sake of completeness, I signed up with said e-mail account back in 2005, not a (fairly) new member.

This address has never been shown to anyone, and not received anything for the last 9 months before this spam.

Other long term members have got the spam too so don't try to disregard the facts, please.
Title: Re: Spam on my email address soley used here.
Post by: CraigB on April 01, 2012, 04:41:04 PM
Please answer essexboy's question prior to your last post ?
Title: Re: Spam on my email address soley used here.
Post by: exocet on April 01, 2012, 06:33:42 PM
Seems very strange that only a limited number of fairly new forum members are recieving this spam... did any of these new members have there email showing when they first joined the forum  ???
I don't think this is affecting only fairly new forum members/addresses.  IIRC, several have reported having older avast only email addresses just hit (myself included).  I've seen numerous posters claim their forum email address was hit and three claims that their forum email address wasn't hit.  Problem is, none of the one's claiming their email address wasn't hit backed that up with the right words you would want to hear before you put weight on it.  So I don't think we can at this point assume that a limited number of forum member email addresses were affected. 

FWIW, I always immediately walk through the settings of a forum account and make adjustments as necessary.  I'm certainly not one that would opt to have their email address shown or allow email from members.  What's interesting though is that I've recently come across some past messages which suggest that at some point in time *the default* was to show or make revealable your email address.  I can't remember that.  I can't even imagine anyone allowing such a default to occur or continue.  I've since, recently, gone back into my settings to double check them.  I can't find a hide or show email address option.  What I do see is the "Allow users to email me" option, unchecked, which the help page describes as: Allow users to email me - A member may choose to allow other members to contact them via email. The forum does not reveal the member's e-mail address, but instead provides a contact form.".  However, I tried clicking on someone's email icon and it did display their email address in the contact form.  So at least in some cases there appears to be an easy way to harvest an address.

I just went back over the thread.  I don't see any email addresses displayed for anyone, and I only see one member (avast IT crowd) with the email icon (and whose address I can reveal by clicking on their email icon).  This makes me inclined to doubt that those reporting a hit were hit due to their email address being harvested in such a simple way.  I'd like to see something more to back up that idea before buying into it.

Of course you cant see users emails, and the ones you can see are those who have allowed others to see them in their profile (I don’t). Checkout the attachments that the users have supplied.

A Spammer moves on, once they hit  a place they move on to another, they may return some months later to try and harvest new signups, but not worth the security alert for 6 or so email addresses. They move on to another entity to attack for fresh email addresses. They have all they needed for this site at this time, but who knows what will happen in a couple of months. Its the distinct lack of response by the AVAST webmaster that concerns me, but they still have 9am Monday 2nd April (GMT) to satisfy me that they are working on it, fixing it or whatever, but NOT ignoring people and only a moderator responding to a 7th reply and not addressing the first comment.

Title: Re: Spam on my email address soley used here.
Post by: essexboy on April 01, 2012, 06:35:27 PM
Don't you just love deadlines... Mind you this really is an earthshattering event
Title: Re: Spam on my email address soley used here.
Post by: Kilia on April 01, 2012, 07:37:39 PM
Don't you just love deadlines... Mind you this really is an earthshattering event
I just love your wit, essexboy. Carry on. ;-)
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 07:51:43 PM
It's an extra power bestowed to all  Überevangelist on April 1st.  ;D ;D ;D
Title: Re: Spam on my email address soley used here.
Post by: polonus on April 01, 2012, 08:18:06 PM
What is the percentage of this thread that we could consider to be content-spam of some sort?
Why did the OP not have Mailwasher free installed (yes it is still available) on his machine?
He would have missed any reason for posting his glorious thread
as he would never have seen this spam message in the first place,

polonus
Title: Re: Spam on my email address soley used here.
Post by: Kilia on April 01, 2012, 08:34:01 PM
What is the percentage of this thread that we could consider to be content-spam of some sort?
Why did the OP not have Mailwasher free installed (yes it is still available) on his machine?
He would have missed any reason for posting his glorious thread
as he would never have seen this spam message in the first place,

polonus
Love my Mailwasher!
Have used it for many years now.... no problems!
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 01, 2012, 08:56:14 PM
What is the percentage of this thread that we could consider to be content-spam of some sort?
Why did the OP not have Mailwasher free installed (yes it is still available) on his machine?
He would have missed any reason for posting his glorious thread
as he would never have seen this spam message in the first place,

polonus

MailWasher allows you to delete spam at the server. You still get to see the spam prior to it's deletion.
If there truly is a targeted attack, I'd also like to know about it. Even if I've never received anything from this or any other forum.
I've used MailWasher Pro for many years and am very happy with the program despite a current problem with their registration.
Title: Re: Spam on my email address soley used here.
Post by: Stalka on April 02, 2012, 03:12:15 AM
It is interesting to see loyal forum members jumping to the defense on this issue, dismissing it as non-news-worthy and deflecting discussion ... when the evidence clearly shows that the e-mail database has been compromised, you don't really seem to care. How much further did the attacker delve? What other personal information is on this server?

In all likelihood, the forum software is separate from everything else, after all this is a security firm, they know what they are doing.

The sad fact is that forum software gets exploited all the time, its damn-near inevitable. I always treat pre-packaged web software as a possible attack vector and design a system keeping that in mind, I'm sure Avast! did the same thing.

I have received 2 emails of spam, however trivial that may be. But this is your forum. We were here to simply notify you of a problem, I don't think there is much need in defending against it, as it was meant to be HELPFUL.
Title: Re: Spam on my email address soley used here.
Post by: FlyingRobot on April 02, 2012, 05:06:26 AM
...Its the distinct lack of response by the AVAST webmaster that concerns me...

One thing I do like to see is an indication that the first hurdle ("there is no good reason to believe this could be due to an issue on our end") has been cleared.  The larger and/or less technical the company, the more likely it is that the recipient unique email address aspect will be overlooked.  My feeling is that hurdle is past us, but I can't point to anything which proves it.

Given avast's industry and the massive amounts of sensitive information they receive, I would expect them to seed ALL of their databases with non-obvious account information so that they themselves can monitor for leaks.  That's on top of continuously inspecting their systems for exploit weaknesses, malicious code, signs of intrusion, etc.  Of course, very many companies you would expect to be using absolute top notch approaches have been found to have vulnerabilities and often even totally inexcusable ones. 

In a way, even something like this IS a HUGE deal when you can't bound it.  Spam to a recipient unique email address is usually the first sign that someone has acquired information that they shouldn't have.  The important question is: what ELSE was acquired?  You don't know though... and you may never fully know.  Obviously, one possibility which is strong in some cases is that a recipient company database was compromised.  For all you know, that database *and other databases* were compromised.  Every bit of information you have ever given the company or it has collected somehow about you may be compromised.  Even if other databases weren't directly compromised, they could be indirectly so.  For example, where a forum exploit somehow acquired user/pass and the user foolishly used that same user/pass on another type of account with the same company.  Technically speaking, you don't even know what to do with regards to changing passwords, etc on accounts because the exploit could still be in place.  Such is the cold, hard, factual, reality of the situation.  Most would, for whatever reason, think positively and assume least worse case.  From a practical point of view that is understandable.  From a technical point of view that is absolutely wrong; you SHOULD assume worst case.  Those that are security/privacy conscious will naturally want to do the technically best thing but it is a nightmare to do so.  We haven't even gotten to other possibilities yet, so the cascade or avalanche of possibilities and what is necessary to very properly respond to them gets even worse.

So I think it is quite good, and in fact probably a sign of proper thinking, when someone gets upset about even something like this.  Thing is, you also have to try to remain somewhat patient and give the company time to carefully review everything it SHOULD be carefully reviewing.  I don't know when this started, but it sounds to me as though it has only been several days since the first report.  Maybe the thing to do is give avast some more time to investigate and respond to customers/users?  I don't know what others think reasonable, but my feeling at this point is that if a few weeks go by without a reasonable response from avast, then no matter how you slice/dice it the company just doesn't care about its customers/users.  I personally don't expect a company to disclose everything, and I always question whether they are disclosing everything they should be.  What is a "reasonable response" is difficult to pin down, but that's a bridge that can be crossed if/when we get to it. 


Title: Re: Spam on my email address soley used here.
Post by: cod head on April 02, 2012, 02:15:18 PM
Seems very strange that only a limited number of fairly new forum members are recieving this spam, i myself have recieved general spam not related to avast but similar to what others have mentioned here in content so it could just be random i believe and the other point to look at is did any of these new members have there email showing when they first joined the forum  ??? as if so they would have been easly harvested.
[/quote

I received exactly one Spam e mail of the type discussed.So I agree.Its not the usual spam.

Title: Re: Spam on my email address soley used here.
Post by: exocet on April 02, 2012, 04:08:27 PM
Happy Monday folks, I may be a new member but not a new forum user and when I signed up the first thing was privacy, I run 7 forums using the same core software as this one, so its not because it was open, it was because there is low security in Avast forums and a breach that has not been addressed or positively responded to.

My Company has return copies of Avast products as we are now supplying another product and withdraw support for Avast product to our users, they now must use Avast support or rid them selves of it.

Had Avast responded in a timely and positive manner regarding the initial post we would still be selling and supporting their products.
Title: Re: Spam on my email address soley used here.
Post by: cod head on April 03, 2012, 01:22:39 PM
This is Lonely Girls e mail address.May she get spammed.

chandler1122lio@yahoo.com
Title: Re: Spam on my email address soley used here.
Post by: CraigB on April 03, 2012, 01:33:15 PM
This is Lonely Girls e mail address.May she get spammed.

chandler1122lio@yahoo.com
That would be a very stupid move ::) as once you've spammed in return they'll have have positive reply with your address included and you'll start recieving thousands of spam :o
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 03, 2012, 02:04:46 PM
This is Lonely Girls e mail address.May she get spammed.

chandler1122lio(@)yahoo.com

That's as smart a move as they guy that advertised his Soc. Sec. Number and dared any one to steal his identity.
He no longer runs that advertisement.
Title: Re: Spam on my email address soley used here.
Post by: DavidR on April 03, 2012, 02:15:06 PM
This is Lonely Girls e mail address.May she get spammed.
<snip>

Since most from addresses in spam aren't the users but some harvested email address, by publishing it in the hope that it gets harvested isn't very smart, just potentially contributing to the spam out there flooding email servers.
Title: Re: Spam on my email address soley used here.
Post by: exocet on April 08, 2012, 05:49:31 PM
I don’t use mail washer or any other kind of mail filters, as this would then mask a problem as and when one exists, like now. The lonely girl email was used to send to other spammers (failed spammers on my own forums) and they can sort it out among themselves. No my email address want  used. The original complaint was made on the 30th march 2012, response to that complain has yet to be made (A simple “we will look into this” or whatever would have bought them time).

In fact the only response was to reply #8. This is what has irritated me to the point this is a bigger issue of ignoring a problem than the problem itself.

I and my company no longer use or promote Avast products any longer over this apparent burying of heads in the sandbox.

As for unique and strong passwords here is one that has just been discarded and replaced with another (M3nl1k3t0os3eth3d0lph1n5sw1m =  menliketoseethedophinsswim).

The fault wherever it may be, database, forums software, cloud, host, whatever, it’s still Avast's responsibility to care to its users, so far I have witnessed no such action.

Happy Easter everyone.
Title: Re: Spam on my email address soley used here.
Post by: polonus on April 08, 2012, 06:01:11 PM
Hi exocet,

You probably will not see them swim, I mean in
Quote
menliketoseethedoplinsswim
. I do not know what a "doplin" is.
If you are that careful with and critical towards your data you should be the first one they complain about,

polonus

Title: Re: Spam on my email address soley used here.
Post by: bob3160 on April 08, 2012, 06:06:21 PM
A simple typo Damien, we all make them .  ;D
Title: Re: Spam on my email address soley used here.
Post by: polonus on April 08, 2012, 06:13:04 PM
Hi bob3160,

Off course I know that, but actually it was just meant ironically as: "Why do you look at the speck of sawdust in your brother's eye and pay no attention to the plank in your own eye?"

polonus
Title: Re: Spam on my email address soley used here.
Post by: exocet on April 10, 2012, 04:28:45 AM
Hi exocet,

You probably will not see them swim, I mean in
Quote
menliketoseethedoplinsswim
. I do not know what a "doplin" is.
If you are that careful with and critical towards your data you should be the first one they complain about,

polonus

This in line with he topic?
What is your point? (Start another topic. dont use this one).
Title: Re: Spam on my email address soley used here.
Post by: exocet on April 10, 2012, 04:38:45 AM
Hi bob3160,

Off course I know that, but actually it was just meant ironically as: "Why do you look at the speck of sawdust in your brother's eye and pay no attention to the plank in your own eye?"

polonus
To use your metaphors, A simple typo that has been corrected is not a plank in an eye, Spam on a unused email address is however serious. But what has planks in the eye got to do with Spam on accounts on these forums?

I will gladly discuss planks with you on another topic, however this topic is about Spam on users accounts.


Title: Re: Spam on my email address soley used here.
Post by: exocet on June 14, 2012, 06:51:41 AM
Just checking in to see how this is going.

Have a nice day everyone.
Title: Re: Spam on my email address soley used here.
Post by: tbessie on June 14, 2012, 07:47:01 AM
Checking back here myself, I wonder why there hasn't been any  official response from Avast.  Or maybe there has been, but in another thread?  Hmm.
Title: Re: Spam on my email address soley used here.
Post by: DavidR on June 14, 2012, 11:58:21 AM
There has been a response by the Forum Administrator way back in Reply #15.

I can say on behalf of AVAST Software, that we are not selling any e-mail addresses and that we are running the latest available version of the forum software.

Title: Re: Spam on my email address soley used here.
Post by: exocet on June 14, 2012, 12:05:33 PM
Hmm, that speaks volumes.

Like complaining to Ford about a scratch on your car after its been in the workshop and they say "We never employ agency staff to work on our vehicles"

Come on AVAST dont bury your head in Sandox and don't just make a statement that has no bearing on the original question/post, tell myself and others what you're doing about this leak.


Title: Re: Spam on my email address soley used here.
Post by: bob3160 on June 14, 2012, 12:33:21 PM
Hmm, that speaks volumes.

Like complaining to Ford about a scratch on your car after its been in the workshop and they say "We never employ agency staff to work on our vehicles"

Come on AVAST dont bury your head in Sandox and don't just make a statement that has no bearing on the original question/post, tell myself and others what you're doing about this leak.
Get off your boat or agenda. There is no leak from the avast side. Maybe you should check closer to home.....???
Title: Re: Spam on my email address soley used here.
Post by: exocet on June 14, 2012, 09:12:02 PM
Hmm, that speaks volumes.
Get off your boat or agenda. There is no leak from the avast side. Maybe you should check closer to home.....???

What a D%*%! Leak is here no need to look elsewhere, perhaps thisis how you got the high post lists, one liners that mean nothing!
Title: Re: Spam on my email address soley used here.
Post by: AdrianH on June 14, 2012, 09:32:27 PM
How can the leak be here?  This spam was popping up all over the net, as I said at the beggining, I had the same message from the same sender (as did others on other sites) and that was to a spare address that has nothing to do with this avast.

It happens all the time, I have a server where my son has 2 spare addresses on his own domain name, those addresses have never once been used, yet there is spam  addressed to them caught in the folder.

If there was this "leak"  don't you think there would be a lot more comment given the size of the membership here?
Title: Re: Spam on my email address soley used here.
Post by: exocet on June 14, 2012, 09:56:55 PM
It is only Avast that leaked a unique address that wasn’t a mail that could send, it was a forwarded address to a collection address, so it never sent out mail and only Avast had the address. I don’t know how or where, but had the leak come nearer home as some idiot ranted it would have affected all my emails. My problem is,  I asked a question for Avast staff to answer and it has not been met, that to me is worse than the leaked address. Some have submitted valid points while others just pick, but that is know as forums post padding, its to gain status by getting brownie points for many posts.

That happens on many forums and is a sad fact, some webmasters remove the points gain by stupid short useless replies, but at least it shows they are alive, even  if not paying attention to what is being said or asked, you see this all the time on forums.


I don’t think its unreasonable for Avast to declare one way or another regarding this subject, it has cost them business albeit small by the probable sales they achieve.

But if you look at it from this perspective, A question is asked, but not replied to, in the ensuing comments one was added that was answered but not the first. Is this guilt that is hoped will go away?

So a recap here, for the sake of the boatman who is an avid "Avast ye swabs". A unique email address was spammed, never came form the originating domain as it would leaked many such addresses, only one address was spammed and that address was unique to Avast. Others have stated this and I would put money on it that Avast or who ever runs the website intercepted it before they got to far.

So I await a reply from Avast staff that has nothing to do with boats barges or ships, canoes included.
Title: Re: Spam on my email address soley used here.
Post by: Mr.d on June 14, 2012, 10:40:17 PM
It seems that Avast is skirting the original question posed by Exocet. I see several "posters" throwing their nonsensical retorts into the mix and appear to be attempting to divert attention to a serious situation. These "posters" with Uberevangist tags really need to get a life instead of trying to wreak havoc on mankind. Avast has to NOW either shit or get off the pot. Answer the original question, if you can. Or, is this just another hack cover-up? LinkedIn got hit as maybe you have.
Title: Re: Spam on my email address soley used here.
Post by: exocet on June 14, 2012, 10:59:27 PM
As did last.fm At least they admitted it and advised users to change passwords and mail addresses, that you can respect.
Title: Re: Spam on my email address soley used here.
Post by: essexboy on June 14, 2012, 11:08:44 PM
Methinks you require an affadavit written in blood, would that convince you, probably not.  An Avast staff member has already stated that it was not a leak/hack/deluge from here.  With a fair few million addresses at Avast I feel that there would be more than about 10 people saying that their entire world has collapsed.  I would suggest that you put it into context, although I see you have called in re-inforcements.

If Avast makes an error, and they have made a couple they come out straight away and hold their hands up.  So I do not consider there to be a cover up/whitewash/conspiracy of silence 

TO be honest this puts me in mind of flogging a dead horse.... Pointless
Title: Re: Spam on my email address soley used here.
Post by: bob3160 on June 15, 2012, 12:20:05 AM
As did last.fm At least they admitted it and advised users to change passwords and mail addresses, that you can respect.
Must be one of those one liners to gain ranking with meaningful posts......  ;D   :o
Title: Re: Spam on my email address soley used here.
Post by: exocet on June 15, 2012, 05:16:39 AM
An Avast staff did not answe the question at all. perjhaps you should read again