Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Forensics help - Outgoing email
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Sun, 18 Jun 2006 16:54:32 +0100

castellan2004-fd () yahoo com wrote:

Recently, I was introduced to the torrent network
(primarily because I wanted to download some Linux
distros).  My curiosity made me download other audio
torrents to see the efficiency of the torrent network.
 One thing I have noticed on my system is that there
is an email being sent out periodically to some system
(247.16.delicado.com.uy).  When the email is being
sent out, the AVG Anti Virus is scanning the email,
is how I found out about the delicado.com.uy system.
I do not know what is being sent out.  Can the torrent
files compromise security on your system?  Has my
system been compromised and become part of a bot
network?  How do I find out what is causing this email
to go out?  How do I fix this problem?

  One possible explanation is that one of the music files you downloaded 
wasn't actually an mp3 but a virus-infected exe, with a name like 
'foo.mp3.exe' or 'foo.mp3 
.exe' that can easily slip past your notice if you aren't paying full 
attention.  I suggest you run a full scan with AVG, and perhaps try out one 
or two of the on-line virus scanners as well.

  On the other hand, some versions of the torrent software are known to have 
been bundled with ad/spyware, so perhaps you should run AdAware or SpyBot 
S'n'D as well?

Can't think of a witty .sigline today.... 

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]