Author Topic: Details leakage?  (Read 3497 times)

foghorn

  • Guest
Details leakage?
« on: September 10, 2004, 07:22:35 AM »
I would like to hear if anyone is suffering emails carrying viruses whilst running avast s/w.

I must say I am generally impressed with the Avast kit. It gets on with what it does without any fuss, and has trapped a couple of genuine viruses via email.

However today I got a virus sent to a domain which I never use on the internet (apart from private emails).  What was very strange was that the mailbox used was the login account name for POP3 access to that account.  This account name is never used by me as a mailbox on that domain.

This account name and the domain name are only held in two places.
1. Outlook Express, where it is used to tell the local Avast POP3 server how to log on when it is collecting POP2, and 2. within my domain hosting ISP.

There is a good possibility that the email has emerged from one of these sources, and I write this email as a sounding board to try and eliminate Avast as the source.

Thoughts please.


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Details leakage?
« Reply #1 on: September 14, 2004, 10:31:58 AM »
I'm afraid I don't understand the post exactly. Do you mean that you get a returned undelivered e-mail, appearing to be sent by you, or... ?

Could you be a little more specific, please (give the exact data, possibly with changed names)?

foghorn

  • Guest
Re:Details leakage?
« Reply #2 on: September 14, 2004, 10:43:31 AM »
I am saying that I am being bombarded by emails carrying various viruses, all to an unusual combination of ISP login name (as mailbox name) and one of my domains.  I have no reason to ever use these two together especially as the mailbox (ISP login name) is computer generated, and something I cannot spell from memory.

This information only exists in two places.  
1) With my ISP, who have denied that they have leaked my details.
2) In OE, with the login name and domain separated by a # for Avast antivirus' use.

Almost as if Avast could be sending me emails/viruses to show how good it was at trapping them.  I really don't believe this to be the case but am having some trouble working out what is really going on here.

I sent the original post in an attempt to get Avast to reassure me that there is nothing untoward with their side of things, but I probably didn't word it very well, although my ISP responded to a similar query within two minutes.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Details leakage?
« Reply #3 on: September 14, 2004, 11:10:46 AM »
- There is a lot of malware that scans for passwords/login names. Could this be the case here?

- There is also a lot of malware that generates (pseudo) random ip addresses to send itself to. Could this be the case here?

When I was looking for a basic compiler I found a little basic program that was able to send email to someone, and I could choose who the sender and sender server was. With that I can send you a mail that looks like you have sent it to yourself. A little editing and it will generate random addresses/names and send it to all. If I let it run long enough, sooner or later you too will get such a mail. Not that I run this program, of course. But it illustrates very well that not all things are as they appear to be.

I think the main issue here is getting your system(s?) clean and secured. At least that is what I make out of your posts.

foghorn

  • Guest
Re:Details leakage?
« Reply #4 on: September 14, 2004, 11:51:40 AM »
Thanks for your comments.

What you are suggesting is not outside the bounds of possibility even though I run a router/firewall and XPSP2 firewall.  I am pretty careful about what I download, which is one reason why I am a little surprised by what is happening.

Can anyone suggest any steps I can take to go further in identifying what software could be running on my system to cause this?

Thanks again.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Details leakage?
« Reply #5 on: September 14, 2004, 11:54:20 AM »
Click on the link in my signature and follow the steps on that page. That will make sure your system is clean. It will take some time to complete all of it, but it is a good start.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Details leakage?
« Reply #6 on: September 14, 2004, 12:08:21 PM »
I think it's much more probable that the data were simply spoofed by a virus running on the computer of somebody to whom you previously sent an e-mail. Are you sure that the mentioned data cannot be collected from e-mail headers? Or, isn't the name or domain rather common, such that it can be combined by chance?
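
One way to check the e-mail header question raised in the reply above, as an added example that is not part of the original thread: take the raw source of a message you sent (as the recipient would see it) and list which headers contain the login name or the domain. The sample message, the login name `zx81qk7p`, the host names and the function name `headers_exposing` are all constructed for illustration.

```python
"""Report which headers of a raw e-mail expose a given account string."""
from email import message_from_bytes, policy

# Constructed sample message; every name, host and address here is made up.
SAMPLE_EML = (
    b"Return-Path: <fred@example.org>\r\n"
    b"Received: from [192.0.2.10] (authenticated user=zx81qk7p)\r\n"
    b"\tby mail.isp.example with ESMTPA; Tue, 14 Sep 2004 10:00:00 +0100\r\n"
    b"Message-ID: <0001@example.org>\r\n"
    b"From: Fred <fred@example.org>\r\n"
    b"To: friend@example.net\r\n"
    b"X-Authenticated-Sender: =?utf-8?q?ZX81QK7P?=\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"The login name zx81qk7p in the body is not a header.\r\n"
)


def headers_exposing(raw, tokens):
    """Map each token to the sorted names of the headers whose value contains it.

    Only headers are searched, not the body. policy.default unfolds
    continuation lines and decodes RFC 2047 encoded words, so a login
    name hidden inside "=?utf-8?q?...?=" is still found. Matching is
    case-insensitive.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    found = {tok: set() for tok in tokens}
    for name, value in msg.items():
        text = str(value).casefold()
        for tok in tokens:
            if tok.casefold() in text:
                found[tok].add(name)
    return {tok: sorted(names) for tok, names in found.items()}


if __name__ == "__main__":
    report = headers_exposing(SAMPLE_EML, ["zx81qk7p", "example.org"])
    for token, names in report.items():
        print(f"{token}: {', '.join(names) if names else 'not present in headers'}")
```

If the login name turns up in a `Received` or similar header of your own outgoing mail, every recipient's machine holds that string together with your domain.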