Avast User Registration Data Base Compromise?

Picked up a piece of spam in a protected (read used in 3 places) email account from this web forum.
This address was not used to create an account here, it was used to register a copy of Avast Free in 2004.

I’m unhappy to say the least.

your email is sot been comprimised please see the many other threads on this issue

I received the same crap!
How do I stop this?

Thanks!

Did you fully read my post?
The address that was spammed is not the one used to register in the forum.
It was used 3 years ago to register a copy of Avast Free.

Follow here http://forum.avast.com/index.php?topic=24177
We hate spam :stuck_out_tongue:

I have, the IM spam is different from the spam I received.
I have not used it to register an account in your forum.
It’s an administrative account I use to conduct business with my domain provider and communicate with CERT.
The address was also used to register a copy of Avast Free 3 years ago.
My bad trusting it to Avast.

“We” have little to no recourse other than kill the account used and don’t register/use Avast.
I suspect the PHPbb is either behind on updates or misconfigured making it vulnerable to exploit.
Pretty bad for a security company IMO.

Why are you bashing avast? You’re just making bad avast press here… why? :stuck_out_tongue: :cry:
Please, stop blaming avast team. Help us (and they) to solve the trouble will be better and more friendly from you.

I’m sorry, I’m not bashing Avast the program. It is a wonderful thing to offer new users for basic AV protection.
I’m getting reports of more of this from other admins who have registered the product but have no forum account. This points to a data base compromise, if you don’t understand the severity of that I don’t know what else I can say to you.
Please get in touch with the site admin and have them fix the darn thing!
It’s not like PHPbb exploits are new or that updating and proper configuration are unimportant.
[u]http://pub.sinuspl.net/sanaldarbe.avi[/u]

:frowning: I received the same from Edward. THis is the info…
Subject: New Personal Message: URGENT MESSAGE FROM ADMIN!!!
Date: 10/12/2006 8:13:39 P.M. Central Daylight Time
From: webadmin@asw.cz

Well, I’m a common user, not an administrator like you seem to be.
So, you must convince Alwil team (specially the webmaster), not me ::slight_smile:

I think we can all agree that the DH “Aussie term” (D…k Head) EdwardN behind this crap needs a good smacking.

Please send me the whole email with all the headers to my email address. Please zip it, otherwise my spamfilter will killfile it. But since this (forum) computer knows nothing about registration database, it’s highly unlikely that it can send emails to such addresses…

I must apologize.
After pulling my complete email records I see I did use the spammed address for a forum account.
Thankfully the Reg data base is stored separately, though that’s little relief to forum participants that were spammed or even worse have been compromised with malware.
I would think best practice would be to make member list function unavailable for general parsing.

Avast team:

Disable PM globally on all accounts and let users turn the feature ON if they select to do so. I would imagine the vast majority of registered forum users have not ever used the PM feature. Also see if limits on number of PMs or posts in a given day or maybe hour could be set so that automated PM attacks are not effective.

Thank you for listening,
-felipe

I think the mods have done the only best action, to disable pm’s.

My last post here was the end of 03, and I don’t recall visiting until I got the same email. Also I never used the pm’s, but had a message from each of these guys. :-\

There are already steps implimented to counter this PM spam atack and an apology, http://forum.avast.com/index.php?topic=24203.0

I think that if people would learn to stop opening PM’s, e-mail’s , and messages in IM’s from people they don’t know or,
communications that contain links to places they don’t know or didn’t request, none of this would have bothered anyone
outside of alerting a Moderator.
If you don’t know what it is and aren’t familiar with the contents, DELETE IT. :slight_smile: