Author Topic: SECURITY ISSUE - has Avast been hacked? (Read 3604 times)

REDACTED · « **on:** February 19, 2015, 09:44:07 AM »

Today I received a convincing looking email (included below) that looks like it is from Avast notifying me that my account will be debited for my AV licence renewal, but if I have concerns, I can log in using a nice blue button. This is a phishing email and it is extremely well made. The real problem here is that it was addressed to my name, it was sent to an email address that is not public and is used merely as a forwarder and of course the sender correctly identified the kind of Avast software I have.
Sender could only have got the info from Avast. A hack
I emailed Avast abuse and received a standard automated reply, which did not address the issue but said:
Hello,
Thank you for the notification.
We have taken the appropriate action to block the offending user from using our service.
Regards,
Petr Chocholous
[it crowd]
AVAST Software
Budejovicka 1518/13a
140 00 Praha 4
Czech Republic
==================================
I had supplied the source code of the email and asked how could the sender know my personal details? The response does not address my question. When I emailed again asking for explanation, I received the exact same email again.
Because of the limit character limit on the forum post I was not able to include the source code of the email. I will try to post this in a reply to my post.

REDACTED · « **Reply #1 on:** February 19, 2015, 09:45:07 AM »

Below is the source code of the phishing email I received (I removed identifying info about me). I had to strip some of the code because of the maximum characters per post permitted on this forum.
From - Thu Feb 19 16:49:33 2015
X-Account-Key: account16
X-UIDL: UID16567-1385813624
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <service@nexway.com>
Envelope-to: xxxx@ozweb.co
Delivery-date: Thu, 19 Feb 2015 14:43:05 +1100
Received: from mail-in1.xxxxxxx.net.au ([203.10.110.93]:35291)
   by vmx12739.hosting24.com.au with esmtp (Exim 4.84)
   (envelope-from <service@nexway.com>)
   id 1YOI13-0004EG-Lg
   for michael@ozweb.co; Thu, 19 Feb 2015 14:43:05 +1100
Received: from icp-osb-irony-in12.external.iinet.net.au (icp-osb-irony-in12.external.iinet.net.au [203.59.1.191])
   by mail-in1.xxxxxxxxx.net.au (Postfix) with ESMTP id 7D7D5904419
   for <xxxxxxx@netspace.net.au>; Thu, 19 Feb 2015 14:42:57 +1100 (EST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: REMOVED
X-IronPort-AV: E=Sophos;i="5.09,606,1418054400";
d="scan'208,217";a="364817478"
X-Envelope-To: xxxxxxxxx@netspace.net.au
Received: from unknown (HELO gwprod.nexway.com) ([94.100.165.49])
by icp-osb-irony-in12.iinet.net.au with ESMTP; 19 Feb 2015 11:42:44 +0800
Received: from front3.telechargement.fr (unknown [10.100.33.103])
   by gwprod.nexway.com (Postfix) with ESMTP id 71A781644A;
   Thu, 19 Feb 2015 04:42:41 +0100 (CET)
Received: by front3.telechargement.fr (Postfix, from userid 33)
   id F0FBC21A27; Thu, 19 Feb 2015 04:42:40 +0100 (CET)
To: xxxxxxxxx@netspace.net.au
MIME-Version: 1.0
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Avast Antivirus <noreply@avast.com>
Message-Id: <20150219034240.F0FBC21A27@front3.telechargement.fr>
Date: Thu, 19 Feb 2015 04:42:40 +0100 (CET)
X-Antivirus: avast! (VPS 150218-2, 18/02/2015), Inbound message
X-Antivirus-Status: Clean

<head>
<title>Avast reminder: Your subscription will automatically renew in 30 day=
s</title>
<style type=3D"text/css">
REMOVED
</style>
</head>
<body style=3D"margin: 0; padding: 0; background-color: #D7D8DA;" bgcolor=
=3D"#D7D8DA">

<table width=3D"100%" bgcolor=3D"#D7D8DA" border=3D"0" cellpadding=3D"0" ce=
llspacing=3D"0" style=3D"margin: 0; padding: 0; background-color: #D7D8DA;"=
>
<tbody>
<tr>
=20
<tr>
<td><img src=3D"http://images.telechargement.fr/img_mail_orde=
r_avast/emailing-header-blank.jpg" style=3D"display:block" alt=3D"Avast be =
free" /></td>
</tr>
<tr>
<td align=3D"center" bgcolor=3D"#FFFFFF" style=3D"background-=
color: #FFFFFF;"><table align=3D"center" width=3D"520" cellspacing=3D"0" ce=
llpadding=3D"0" border=3D"0" bgcolor=3D"#FFFFFF">
<tr>
<td height=3D"15" style=3D"font-size: 1px;">
<tr>
<td height=3D"15" style=3D"font-size: 1px;"=
></td>
</tr>
<tr>
<td><p style=3D"text-align: left; margin: 0=
; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size:14px; co=
lor:#4A585E; line-height: 160%;">In order to make sure that your license wi=
ll be extended before the expiration date, we will attempt to process a cha=
rge of 49.99=C2=A0AUD to the payment method on file on 08/03/2015. Your pro=
tection will only be extended until <b>21/03/2016</b> if we will be able to=
process this transaction successfully.<br /><br />To review your purchase =
history or to cancel your Auto-Renewal Service, please login to your <a hre=
f=3D'%4'>secured Avast customer portal</a> by following the instructions be=
low.</p></td>
</tr>
=20
</p></td>
</tr>
<tr>
<td height=3D"25" style=3D"font-size: 1px;"></td>
</tr>
<tr>
<td><p style=3D"text-align: left; margin: 0; padd=
ing: 0; font-family: Arial, Helvetica, sans-serif; font-size:13px; color:#3=
03740; line-height: 160%;"><b>Scheduled Transaction date: 08/03/2015</b></p=
></td>
</tr>
<tr>
<td height=3D"5" style=3D"font-size: 1px;"></td>
</tr>
</table>
<table align=3D"center" width=3D"525" border=3D"0" ce=
llpadding=3D"5" cellspacing=3D"0" bgcolor=3D"#F0F1F3" style=3D"background-c=
olor: #F0F1F3;">
<tr>
<td valign=3D"top" style=3D"text-align: left; fo=
nt-family: Arial, Helvetica, sans-serif; font-size:13px; color:#303740; lin=
e-height: 160%;"><b><i>Product</i></b><br />
Avast Pro Antivirus - Subscription
</td>
<td valign=3D"top" style=3D"text-align: center; =
font-family: Arial, Helvetica, sans-serif; font-size:13px; color:#303740; =
line-height: 160%;"><b><i>Quantity</i></b><br/>
1</td>
<td valign=3D"top" style=3D"text-align: right; =
font-family: Arial, Helvetica, sans-serif; font-size:13px; color:#303740; l=
ine-height: 160%;"><b><i>Price</i></b><br/>
=20
49.99=C2=A0AUD
=20
</td>
</tr>
<tr>
<td colspan=3D"2" style=3D"text-align: left; font=
-family: Arial, Helvetica, sans-serif; font-size:13px; color:#303740; line-=
height: 160%;"><b>Total Price:</b></td>
<td style=3D"text-align: right; font-family: Aria=
l, Helvetica, sans-serif; font-size:13px; color:#303740; line-height: 160%;=
">49.99=C2=A0AUD</td>
</tr>
</table></td>
</tr>
<tr>
<td height=3D"15" style=3D"font-size: 1px;"></td>
</tr>
<tr>
<td><p style=3D"text-align: left; margin: 0; padd=
ing: 0; font-family: Arial, Helvetica, sans-serif; font-size:13px; color:#4=
A585E; line-height: 160%;"><b>Login: </b> hessenthaler@netspace.net.au</p><=
/td>
</tr>
<tr>
<td height=3D"15" style=3D"font-size: 1px;"></td>
</tr>
<tr>
<td><p style=3D"text-align: left; margin: 0; padd=
ing: 0; font-family: Arial, Helvetica, sans-serif; font-size:13px; color:#4=
A585E; line-height: 160%;"><b>Password: </b> zNJ7AfVy</p></td>
</tr>
</table>
</td>
</tr>
<tr>
<td height=3D"25" style=3D"font-size: 1px;">
=20
=20
=20
<a target=3D"_blank" href=3D"https://avas=
t-au.nexway.com" style=3D"font-family: Arial, Helvetica, sans-serif; font-s=
ize:18px; color:#FFFFFF; text-decoration: none; margin: 0; padding: 10px 0p=
x 10px; white-space: nowrap;">       &nb=
sp; <b>Access Customer Portal</b>      &=
nbsp;  </a></td>
</tr>
</table></td>
</tr>
</table>
</td>
</tr>
</table>
=20

<table align=3D"center" width=3D"520" cellspacing=3D"0" c=
ellpadding=3D"0" border=3D"0" bgcolor=3D"#FFFFFF" style=3D"background-color=
: #FFFFFF;">
<tr>
<td height=3D"20" style=3D"font-size: 1px;"><!-- cell -=
-></td>
</tr>
</table>

<table align=3D"center" width=3D"520" cellspacing=3D"0" cel=
lpadding=3D"0" border=3D"0" bgcolor=3D"#FFFFFF" style=3D"background-color: =
#FFFFFF;">
<tr>
<td height=3D"25" style=3D"font-size: 1px;"> </td=
>
</tr>
<tr>
<td align=3D"left" colspan=3D"2"><h2 style=3D"text-alig=
n: left; font-size:16px; color: #000000; font-family: Arial, Helvetica, sa=
ns-serif; line-height: 160%;">Need additional assistance?</h2></td>
</tr>
<tr>
<td height=3D"5" style=3D"font-size: 1px; border-top: =
1px solid #C3CAD2;"> </td>
</tr>
<tr>
<td align=3D"left"><table width=3D"265" cellspacing=3D"=
0" cellpadding=3D"0" border=3D"0" bgcolor=3D"#FFFFFF" align=3D"left" style=
=3D"background-color: #FFFFFF;">
<tr>
<td width=3D"50"><img src=3D"http://images.telech=
argement.fr/img_mail_order_avast/supp.png" style=3D"display:block" alt=3D""=
/></td>
<td valign=3D"middle" style=3D"vertical-align: mi=
ddle;">
=20
=20
=20
<a target=3D"_blank" href=3D"https://avas=
t-au.nexway.com/contact.html?Langue=3Den_XW
" style=3D"font-size:14px; line-height: 200%; font-family: Arial, Helvetica=
, sans-serif;">Contact Avast Customer Service</a></td>
</tr>
</table></td>
</tr>
<tr>
<td height=3D"30" style=3D"font-size:1px;" colspan=3D"2=
"> </td>
</tr>
</table>
<table width=3D"520" cellspacing=3D"0" cellpadding=3D"0" bo=
rder=3D"0" bgcolor=3D"#FFFFFF" align=3D"center" style=3D"background-color: =
#FFFFFF;">
<tr>
<td align=3D"left"><p style=3D"text-align: left;margin:=
0;padding: 0;font-family: Arial,Helvetica,sans-serif; font-size: 14px; col=
or:#4A585E; line-height: 160%;">Best regards, </p></td>
</tr>
<tr>
<td height=3D"10" style=3D"font-size: 1.0px;" colspan=
=3D"2"> </td>
</tr>
<tr>
<td align=3D"left"><p style=3D"text-align: left;margin:=
0;padding: 0;font-family: Arial,Helvetica,sans-serif; font-size: 14px; col=
or:#4A585E; line-height: 160%;">Avast Software Customer Service Team<br />

</tr>
<tr>
<td height=3D"10" style=3D"font-size: 1.0px;" colspan=
=3D"2"> </td>
</tr>
<tr>
<td align=3D"left"><p style=3D"text-align: left;margin:=
0;padding: 0;font-family: Arial,Helvetica,sans-serif; font-size: 11px; col=
or:#4A585E; line-height: 120%;"><b>Please note:</b> This email message was =
sent from a notification-only address that cannot accept incoming email. Pl=
ease do not reply to this message.</p></td>
</tr>
<tr>
<td height=3D"30" style=3D"font-size: 1.0px;" colspan=
=3D"2"> </td>
</tr>
</table></td>
</tr>
<tr>
<td align=3D"center"><table bgcolor=3D"#D7D8DA;" border=3D"0"=
cellpadding=3D"20" cellspacing=3D"0" style=3D"margin: 0; background-color:=
#D7D8DA;" width=3D"100%">
<tbody>
<tr>
<td align=3D"center"><p style=3D"margin: 0; padding: =
0; font-family: Arial, Helvetica, sans-serif; font-size:10px; color:#4A585E=
;">AVAST Software s.r.o., Trianon Office Building, Budejovicka 1518/13a, 14=
0 00, Prague 4, Czech Republic</p>

Para-Noid · « **Reply #2 on:** February 19, 2015, 09:15:22 PM »

Uh...did you think about saving via copy/paste into a text file then attaching the text file to your post?
It would make your post shorter.
I'm quite positive your computer has "notepad".

Eddy · « **Reply #3 on:** February 19, 2015, 09:56:59 PM »

Quote

Today I received a convincing looking email (included below) that looks like it is from Avast notifying me that my account will be debited for my AV licence renewal

Did you contacted avast about a refund (or anything else) ?

REDACTED · « **Reply #4 on:** February 20, 2015, 03:03:31 AM »

Yes, sorry I should have made an attachment.

I am not after a refund. The issue is that Avast does not seem to be interested. And more importantly, they are not saying anything about how someone could have got my name, the software version and non-public email address which I used to register with Avast.

I would think this is a serious issue, but they don't. Mind you, the lack of comments to my post suggests no one is too worried about it.

cheers

M

Eddy · « **Reply #5 on:** February 20, 2015, 03:53:44 AM »

I am not asking if you are after a refund or not.
I am asking if you have contacted avast about a refund or something else prior to receiving the mail.

Author Topic: SECURITY ISSUE - has Avast been hacked? (Read 3604 times)

REDACTED

SECURITY ISSUE - has Avast been hacked?

REDACTED

Re: SECURITY ISSUE - has Avast been hacked?

Para-Noid

Re: SECURITY ISSUE - has Avast been hacked?

Eddy

Re: SECURITY ISSUE - has Avast been hacked?

REDACTED

Re: SECURITY ISSUE - has Avast been hacked?

Eddy

Re: SECURITY ISSUE - has Avast been hacked?