Author Topic: Avast are now a source of spam/virus attack :(  (Read 14076 times)

0 Members and 1 Guest are viewing this topic.

Offline AndrueC

  • Newbie
  • *
  • Posts: 5
Avast are now a source of spam/virus attack :(
« on: October 14, 2009, 06:18:02 PM »
Since yesterday I have had two spam emails sent to me at an address that only Avast should be using.

One was titled 'Latest PDF Reader with Activation Code' the other was 'New Tools For Your Google Earth Experience'.

I know that Avast is responsible because part of my anti-spam system is to give everyone I deal with a unique email address to contact me. Either Avast are selling their contact lists to third parties or else someone has gained access to their mailing lists.

Just to be clear here:I am not talking about their address being in the 'From:' field - I know they can be spoofed. I am talking about someone sending me email using an address that only myself and Avast are supposed to know about.

I take a very dim view of this situation however it has arisen. If someone from Avast wishes to contact me they can do so for the next week. After that the address goes on the black list.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83781
  • No support PMs thanks
Re: Avast are now a source of spam/virus attack :(
« Reply #1 on: October 14, 2009, 06:48:26 PM »
I have several email addresses, some which haven't even been used yet and guess what some of them get spam.

It entirely depends on what the email address is as dictionary attacks are commonly used in the hope of hitting valid addresses. I have a couple of these type of addresses that weren't in the public arena, but they get spam ;D

One of my ISPs I frequently find spam emails coming with whole blocks of email addresses for email addresses of that ISPs user. My suspicion was that their databases were hacked and the emails harvested otherwise how would an email address get into the public arena where it might get harvested.

So there is more to this than meets the eye, the email address I use on the forums, gets very little spam and that has been around for some time and used in multiple locations. Alwil software doesn't divulge emails to third parties, I have been an avast user for five and a half years and haven't come across anything to suspect otherwise.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline sded

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1718
  • Me llamo Ed
Re: Avast are now a source of spam/virus attack :(
« Reply #2 on: October 14, 2009, 06:49:43 PM »
I get spam to accounts that are known only to me and the ISP.  They were set up to reserve space for personal websites that have not been activated and have never been used.  Are you using names that might be guessed via a dictionary attack?  Did your ISP send you a welcome notice?  I don't think my ISP is selling their customer list either, but somehow spammers have learned my address.  
Windows 7 x64HP-SP1-No UAC, Opera 11.51, Avast! Internet Security 6.0.128, Webroot SecureAnywhere latest beta, Windows FW off, MVPS HOSTS, SAS/MBAM offline, Macrium Reflect just in case ;)

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3060
Re: Avast are now a source of spam/virus attack :(
« Reply #3 on: October 14, 2009, 07:01:10 PM »
Hello AndrueC

there is no possibility of someone gaining access to avast's mailing lists. I too have many email ids. i'll not get even a single spam. my isp knows one of my email ids which is my most used id. then too I don't get any spams.

one of my forum friends, scott, said me that I have good browsing habits, thanks scott.  ;) . I now know that he was not joking.

hope you have good browsing habits.

nmb
« Last Edit: October 14, 2009, 07:03:38 PM by nmb »

Offline AndrueC

  • Newbie
  • *
  • Posts: 5
Re: Avast are now a source of spam/virus attack :(
« Reply #4 on: October 14, 2009, 07:25:37 PM »
Sorry, no - nothing to do with my ISP. Until recently I was actually running my own mail server but now I rely on Thunderbird to filter out stuff based on the To: field using my domain provider's server.

It's based around a wildcard so I don't even have to configure things normally. My domain provider puts everything into one mailbox and I pull it down with Thunderbird. I have rules that delete anything where the To: field doesn't contain certain things or when it matches a known source of spam.

Although it's conceivable in this case that a dictionary attack would work it would be the most precise dictionary attack ever heard of. They just happened to pick the right words to match with an address that I gave out to Avast!

As a ficticous example:Suppose I told Avast to contact me at:

avast.wibble@fakedomain.com

What are the chances that a dictionary attack or a random spammer would pick that as an address to target?

In this case '.wibble@' is the security marker. Anything without at least that in the To field gets deleted immediately and never seen. So 'bill@fakedomain.com' is an immediate fail for example.

I know how much email my mailbox is getting and today it was 54 items - 52 of which were spam and deleted. No way in hell is this a dictionary attack. Either that or the perpretator should be playing the lottery!

As for good browsing habits:Even if I had lousy habits and was infected by trojans it still wouldn't explain where that address comes from. The address isn't stored by me. It's not going to be in my address book so can't be stolen. In fact until I add it to the blacklist it isn't stored anywhere on my system. The only place that should store it is Avast.

Nope. Just doesn't add up. It's either spam from Avast or someone else has gained access to the information.
« Last Edit: October 14, 2009, 07:43:35 PM by AndrueC »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83781
  • No support PMs thanks
Re: Avast are now a source of spam/virus attack :(
« Reply #5 on: October 14, 2009, 08:20:34 PM »
Well it isn't spam from avast, what would they gain from it.

I and the others can only tell of our experiences of avast/Alwil Software. If you can't trust your security applications, who can you trust and why would you keep it.

Surely then the spam that is deleted because of the wibble failure wouldn't come from the email you gave avast as that would have it.

I'm sure you are aware that email also passes through multiple servers and unless encrypted it is possible it could get intercepted.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Mike Buxton

  • Full Member
  • ***
  • Posts: 155
Re: Avast are now a source of spam/virus attack :(
« Reply #6 on: October 14, 2009, 08:26:55 PM »
Hi,

Since yesterday now means today.

So of 54 emails received up to some time today

50 were spam not related to Avast
  2 were supposedly connected with Avast
  2 were genuine

To how many of your secret individual addresses were the 50 sent?

It hardly seems further comment is necessary?

My regards

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36751
Re: Avast are now a source of spam/virus attack :(
« Reply #7 on: October 14, 2009, 08:58:41 PM »

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: Avast are now a source of spam/virus attack :(
« Reply #8 on: October 14, 2009, 09:01:41 PM »
never ever got spammed for giving an email address to a webforum, never  ::) ...and I can hardly imagine Avast doing this.
w7 - ais7

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Avast are now a source of spam/virus attack :(
« Reply #9 on: October 14, 2009, 09:07:07 PM »
***

Welcome to the forums, AndrueC.   :)

You would be wise to consider all the above comments.

If what you are suggesting was true, don't you think this forum would be full of complaints? Do you not think those of us responding to you would also be complaining about such an action from avast?

Yet, you are the only one suggesting such a thing.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9346
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast are now a source of spam/virus attack :(
« Reply #10 on: October 15, 2009, 08:39:15 AM »
ALWIL Software DOESN'T send ANY spam and they are NOT related with ANY spam company.
Visit my webpage Angry Sheep Blog

Offline AndrueC

  • Newbie
  • *
  • Posts: 5
Re: Avast are now a source of spam/virus attack :(
« Reply #11 on: October 15, 2009, 09:35:19 AM »
Okay some more facts.

Of the emails rejected yesterday all were old, known blacklisted addresses. I've been running this system for nearly ten years now. It's not surprising (though a little sad) that over the years I've slowly built up a blacklist. There aren't many addresses on it (around a dozen now I think). I don't think I've updated the blacklist in over a year. So basically this unique address that only Avast and myself know exists (and frankly I'd forgotten about it) suddenly wakes up and becomes a new source of spam?

I subscribe to dozens of forums and have accounts with dozens of retailers and other organisations. I have a very active online life. So how come no other email addresses have gone bad recently?

Q)If what you are suggesting was true, don't you think this forum would be full of complaints?
A)No. Very few people use this kind of system. Most people use the same email address for all their contacts. To them these messages would just be typical spam that they have no practical way to trace. Furthermore most people because of this just ignore spam. It's something they've learned to live with. My system ensures that I almost never get spam and when I do I can trace it or at least immediately block it.

Q)never ever got spammed for giving an email address to a webforum, never
How do you know? See above Q/A. Actually though, neither have I. This email address wasn't used for a forum. It was used when I registered the software. I've only reused it on this forum when I opened the account to complain. So technically I'm not blaming the forum - I'm blaming the Avast registration system.

Q)Surely then the spam that is deleted because of the wibble failure wouldn't come from the email you gave avast as that would have it.
A)Eh? I don't think you've understood what I wrote. The 'wibble failure' was a general example of how my security system works that's all. Avast wouldn't use that address. Or at least not legitimately. They shouldn't be in the business of guessing at people's email addresses.

Q)I'm sure you are aware that email also passes through multiple servers and unless encrypted it is possible it could get intercepted.
A)When? Let's look at the sequence:

1.Sometime within the last year or so I have registered for their software using their website.
2.They would have sent me an email containing the licensing information.
3....time passes....
4.I get two spam emails using the address entered at (1).

When exactly do you think the 'leak' occurred? It's been many months since I registered for Avast and since I got the registration email the address should have been dormant. There'll be a record of it in my saved emails folder as part of the registration email but that's it. If that address has somehow been farmed from there then why not all the other addresses I have stored in saved messages? Why not all the addresses that are active?

Just how does a single address that has been used once and once only over six months ago suddenly gone active for spam?

I've just gone onto my provider's webmail system to check (thereby avoiding filtering) and it looks pretty normal. Half a dozen spams from known sources but basically quiet as normal. I am not under any form of dictionary attack. It's just the one unique address that only Avast should know about that has gone bad recently.
« Last Edit: October 15, 2009, 09:41:40 AM by AndrueC »

Offline AndrueC

  • Newbie
  • *
  • Posts: 5
Re: Avast are now a source of spam/virus attack :(
« Reply #12 on: October 15, 2009, 09:47:02 AM »
(off topic) Mind you having checked the raw input as it were it's educational. Most of the spam is targetting a personal address that was blacklisted because they got hit by a trojan. That ocurred many years ago. They've got married and had two kids since I blacklisted that address. Amazing to think that the address is still the target of spam after all these years. The other couple of addresses are for businesses I used to use. Interesting that those aren't as heavily targetted. Perhaps that's an indication that they sold the address list rather than having it stolen.

Presumably if it's a 'legitimate' sale it's seen as having value so doesn't get 'whored' around as much as one stolen by a trojan.

I guess time will tell if Avast's contact address goes the way of the trojan or remains a relatively low source of spam.
« Last Edit: October 15, 2009, 09:48:50 AM by AndrueC »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9346
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast are now a source of spam/virus attack :(
« Reply #13 on: October 15, 2009, 09:57:48 AM »
Once i had an e-mail from brand new ISP provider, i never used it, never told it to anyone and it was still getting junk on it. So your example proves nothing.
Visit my webpage Angry Sheep Blog

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
Re: Avast are now a source of spam/virus attack :(
« Reply #14 on: October 15, 2009, 10:29:19 AM »
@AndrueC
I have to chime in to say, that I use 4 different email addresses for forums. *FOUR......the only one I get spam on is my gmail account (figures).  That email account is not used here. I have absolutely no spam on the email account I use here, which is also the same email address I used to register my Avast! software.

So now what??