Eset Selling Email Addresses?

Discussion in 'NOD32 version 2 Forum' started by sflorack, Dec 9, 2004.

Thread Status:
Not open for further replies.
  1. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    Today I received a hoax email regarding my PayPal account. As every site domain I access and every business I interact with has a unique disposable email address assigned to it, I referenced which site/business had revealed my email address. I was suprised to see nod32.com as the site associated with this address -- the very same address that was used to purchase my Eset Nod32 subscription.

    I think it's important to note that I do not use an email program locally; instead I use a paid web-email service (so a worm or email address harvester is unlikely.) I have received less than five spam emails since I've been a member of this email service for the past three years.

    I don't want to quickly point fingers or make accusations, but I'm extremely concerned about how this address was acquired -- either by being sold or illegally obtained.

    Just for your info, this is the WHOIS data on the IP address of the email that was sent. The email was (IMHO) very well designed, at least from a cosmetic standpoint.

    Country: CHINA

    Looking up 61.152.219.2 at whois.apnic.net.


    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 61.152.216.0 - 61.152.219.255
    netname: SHANGHAI-SONGJIANG-ONLINE
    descr: Shanghai SongJiang Telecom Bureau
    country: CN
    admin-c: ZH72-AP
    tech-c: HZ47-AP
    mnt-by: MAINT-CHINANET-SH
    status: ASSIGNED NON-PORTABLE
    changed: ********@mail.online.sh.cn 20010409
    changed: **********@apnic.net 20040927
    source: APNIC

    person: Zheng Haifeng
    address: 339 LeDu Road,SongJiang,Shanghai,201600
    country: CN
    phone: +86-21-67812121
    fax-no: +86-21-67812124
    e-mail: ***@sj.net.cn
    nic-hdl: ZH72-AP
    mnt-by: MAINT-CHINANET-SH
    changed: ******@online.sh.cn 20000522
    source: APNIC

    person: Hu Zhiwen
    address: 339 South Renmin Road,SongJiang,Shanghai,201600
    country: CN
    phone: +86-21-57815421
    fax-no: +86-21-67812124
    e-mail: *******@sj.net.cn
    nic-hdl: HZ47-AP
    mnt-by: MAINT-CHINANET-SH
    changed: ******@online.sh.cn 20000522
    source: APNIC
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    While I understand the security measures you have in place, I have no doubt whatsoever that Eset would never sell their own customer email database to anyone, it would be a highly foolish move. More likely that your email address and theirs has been harvested in some form or another and used in the process that you are seeing.

    Cheers :D
     
  3. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    Thanks for the reply.

    I doubt it was harvested because I use a web-email provider, and the email address hasn't been used since September (and then only twice). The address was never publically displayed in any way.

    I, too, would hope that it was not sold. But I am still concerned about the level of security Eset has inplace if this type of abuse occurs.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    I would like to see Eset encrypt this page. Email addresses can be stolen on a page like this.

    I certainly don't believe they are selling addresses. That would kill the company.

    http://www.nod32.com/support/support.htm
     
  5. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    Also note that the affected email address was not posted in this, or any other forum, at any time. You're right; that would be looking for trouble.
     
  6. DiGi

    DiGi Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    114
    Location:
    in the middle of nowhere
    Many spams on my old unused free-web-email address... - spammers are trying random emails (or mails from wordlist) :(

    I must disable (delete) my primary email - becuase i got over 200 spams per day... After half year inactivity i try to enable that account again. And - another 50 spams in ONE DAY. Half year inactive email and it is still on many spam lists :-(

    Eset is not mad - they aren't selling emails...
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Sflorack,

    I can assure you Eset does keep all customers' details confidential and does not sell any information to 3rd parties. I presume the thing is you kept the original email from Eset in your mail client and a certain spyware / worm harvested all email addresses and sent it to someone else.

    I wonder if you could send the email from Paypal you got along with the email address you used for registration to support@nod32.com with a link to this thread.
     
  8. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    The email service I use is not Yahoo, and as I said earlier, I have received 5 spam emails in 3-4 years.

    The email address that was hoaxed is not a dictionary word, nor a common name. Actually, here is an example of my assigned email addresses:

    lg3f5y-tkn49a@mydomain.com

    If you think someone randomly guessed this, you give people more credit than I do. :D
     
  9. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    I don't use a POP/IMAP mail client such as Thunderbird, Outlook, or Eudora. I use a web-email service (FastMail) that would be unaffected by worms attempting to harvest addresses. I also utilize Nod32 locally, and they have Kaspersky on their mail servers. I have over 300 customized email addresses given out to specific sites/companies, and the one assigned to nod32.com has been the only one ever hoaxed or spammed.

    I will be emailing support this afternoon. I'll be sure to let everyone know what they say.
     
  10. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    There's a good chance that it could have been spoofed off of someone's elses address book or email system.
     
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Nah, that is impossible. I know many guys at Eset, and they are good people that will never make things like that. I've a license for 5 computers and many friend has NOD too with his/her licenses and we haven't problems like that. Maybe you've a keylogger or a spyware in your PC.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That would be appreciated.

    Cheers :D
     
  13. dknight

    dknight Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    3
    Location:
    San Diego, CA USA
    The topic of this email hits a hot button for me since it is a direct accusation and later in the thread it is learned that this sensitive topic had not been presented to the vendor (ESET) prior to a public posting? I ran a large ISP for many years and these types of postings consume significant corporate resources and set the wrong impression in potential customers minds.

    SPAM is a very tough world. I recognize that you believe that you have taken significant measures in an attempt to reduce/eliminate SPAM in your world (don't we all). However, the marketing companies are getting more creative every day and there are several different possibilities including a security breach at your web/email hosting company, packet sniffing (sorry, encryption isn't good enough), router logfile capture, etc. Not to mention the fact that the marketing companies will pull known "words" and repackage them against every email/hosting/IP providers name in hopes of hitting someone real.

    Forums such as this are excellent sources of information for making product decisions, sharing ideas, etc. Unfortunately, posting such as this position unnecessary doubt in the minds of potential consumers/customers of reputable vendors such as ESET.

    Without a stronger foundation for the accusation, I think it would be appropriate to remove this thread until a resolution is obtained between ESET and the original poster.

    OK, I'm off my soap box.
    :)
     
    Last edited: Dec 10, 2004
  14. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I agree. There's a time and place for everything, and this isn't the place, IMO. However, it's similar to the postings in this forum like "NOD32 Misses Viruses Other AV's Detect!"

    All in a day's work for ESET, I suppose... :doubt:
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Marcos has requested information on this matter and the thread will remain open for the time being.
     
  16. sflorack

    sflorack Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    45
    The address isn't in anyone's address book as it is an address uniquely assigned to Eset. If it was taken from an email system, it would probably have been Eset's.
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Let's leave all assumptions as just that, until Eset are given a chance to investigate further.

    Thanks

    Blackspear.
     
  18. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    I have also been very thorough in protecting my email address. Recently, I received my first ever phishing email "from" my bank. Although I do not have any evidence that it is related to NOD32/Eset in any way, it is a little bit suspicious.

    NOTE: I am not blaming Eset at all, only adding my experiences.
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This thread has now been closed until further investigations are made by Eset, at which time it will be reopened.

    Blackspear.
     
  20. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Just a little note...

    Then it would be available in the cache of your browser. Many things harvest local html files. Local harvesting is my guess too..
     
Thread Status:
Not open for further replies.