Has ESET been hacked?

Discussion in 'ESET NOD32 Antivirus' started by Dieter Bressem, Jun 27, 2013.

Thread Status:
Not open for further replies.
  1. Dieter Bressem

    Dieter Bressem Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    36
    Location:
    Germany
    Today I got a (fake) email from Eset.

    If you start the link, they will ask you for credit card details, so I think this is a fake. Maybe just
    users in Germany are affected. Don't know from where they got my full name, maybe they hacked the database of
    a German reseller.

    Source address from server.affairs4u.com (server.affairs4u.com [216.246.29.28]), which is located within
    the Chicago area.

    Anyone else got this mail?

    This is the mail:

     
  2. Krischi

    Krischi Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    1
    Location:
    Germany
    Good morning,

    we received the same e-mail today. The mail is correctly addressed to the person who registered at ESET.

    Hoping for a statement from ESET Germany if customer (and possibly credit card data) has been stolen.

    Best regards,
    Christian
     
  3. Nassel2k

    Nassel2k Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    4
    Location:
    Germany
    Same mail for me
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    That is very bad news! Have you posted this information over at Eset's new forum here: https://forum.eset.com/ ? I hope it was only a reseller, but at any rate this is very bad news. If there has been a security breach where users' credit card info was compromised, then it was not everyone's, because they would not ask you for it if they already had it. Who knows though; other users may not be so lucky. I usually don't save my credit card info with any vendors since I have no way of knowing if their servers will be compromised. I think most companies give you an option whether to save your credit card info on their sites. At any rate I would not want them to steal any of my data. Sometimes they can capitalize off just getting a little of your data by using it to get the rest they need, which is what they attempted on you. They should know Eset users are smarter than that lol
     
    Last edited: Jun 27, 2013
  5. Nassel2k

    Nassel2k Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    4
    Location:
    Germany
    It wasn't a reseller, I bought my licenses directly at the license shop.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Nassel2k, could you post the link from which you purchased your license? I want to make sure it's their main website.
     
  7. Nassel2k

    Nassel2k Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    4
    Location:
    Germany
  8. wolliballa

    wolliballa Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    90
    Location:
    Germany
    Have the same issue (see other post)
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Well, that makes 2 users that have posted in this thread saying they received the email, and they bought their license directly from Eset. This could be a bigger problem than I hoped for. I guess we will just have to wait until Eset addresses this issue. I myself have not received an email yet. I live in the USA.
     
  10. Eazi

    Eazi Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    10
    I've got that email today, too. I already bought the licence directly from Eset in January. Country: Germany.

    Now waiting for an official reply from Eset.
     
  11. wolliballa

    wolliballa Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    90
    Location:
    Germany
    Just talked to Eset Germany support. They are aware of the problem and are currently investigating source, leakage and partner processes, as it appears that currently only licenses purchased through Eset's official shop are affected (licenses purchased through assigned partners don't seem to be affected, so a leakage in the shop systems could be the source of the addresses).
    Up to now, it seems to be a German problem only (which does not make it less problematic).

    In my customer base, the problem is reported by one customer who had his license through the shop. There have been no reports so far by customers directly served by the partner channel.

    BTW: this issue is now also documented on forum.eset.com
     
  12. firehead

    firehead Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    2
    Location:
    Germany
    same here.
    from: @server.affairs4u.com
    using: http://esetnod.tld.cc
    my location: Germany
    I bought it directly from the German ESET shop, using an email address that was only available to ESET.
     
  13. rinem

    rinem Registered Member

    Joined:
    Mar 11, 2012
    Posts:
    156
    That address shows as a phishing website in my Chrome browser.
     
  14. Christine A

    Christine A Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    2
    Location:
    Germany
    The same here!

    - the mail went to my registered email address (without German umlaut)
    - correctly spelled registration name (with umlaut)
    - ESS bought directly from Eset

    What is it.

    Eset has updated the signature files for NOD/ESS:


    Kind Regards
     

  15. HenSch

    HenSch Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    2
    Location:
    Germany
    Same issue for me... I have been an ESET customer (Smart Security) for many years and always purchased and extended licenses for me, my family and friends in the official German online shop of ESET.

    It is sad that ESET has not yet sent an official notification to all the customers telling them to ignore the fake email and that more details about what has happened will be distributed soon.

    best regards
    Hendrik
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    There are several threads about it at the new Eset forum:

    https://forum.eset.com/topic/462-has-eset-been-hacked/ - thread moved/merged to link added below - LowWaterMark

    New link: https://forum.eset.com/topic/466-phishing-email-targetting-german-eset-users/

    https://forum.eset.com/topic/460-possible-compromise-of-eset-customer-info-german-reseller/

    =====

    Report at heise.de (in German):
    http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Kunden-1897681.html
     
    Last edited by a moderator: Jun 27, 2013
  17. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    Look at the horrible grammar and spelling in the e-mail. That is a dead giveaway it is fake.
     
  18. wert33

    wert33 Registered Member

    Joined:
    Jun 14, 2012
    Posts:
    48
    Location:
    germany
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  20. HenSch

    HenSch Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    2
    Location:
    Germany
    Nice news, but this information should be sent by email to the customers.
    I know many people who are not so familiar with IT topics and all the risks and I am sure they will not visit heise.de or the ESET homepage and read the company news every day or every week. And they also do not have perfect English skills, so they will not recognize the wrong grammar.

    If they check their email inbox this evening and they see one email from ESET in English (the fake) and another one with a subject like "Warning! Faked emails..." (in German), this would really minimize the risk.

    At the moment I am doing this job and tell them that they should ignore this email.

    best regards
    Hendrik
     
  21. Nassel2k

    Nassel2k Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    4
    Location:
    Germany
    Eset did send out warnings regarding the phishing mail in the late evening.

    Any up-to-date Eset program shows it as a phishing trojan as well.
     
  22. kjz

    kjz Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    30
    Now these email addresses are also used for Paypal phishing. It's the same code on the website used for Paypal phishing:

    Paypal-Phishing (today)
    Code:
    <form name="main" id="main" method="POST" action="/Gooodshot.php">
    <input id="swich" name="swich" value="0" type="hidden">
    <input name="user" value="" type="hidden">
    <input name= "pass" value="" type="hidden">
    <input name="defaultaddress" value="" type="hidden">
    <input name="ip" value="41.251.67.216" type="hidden">
    <input name="Send" value="shadyflw@gmail.com" type="hidden">
    Eset-Phishing (before)
    Code:
    <form name="main" id="main" method="POST" 
    action="Gooodshot.php">
    <input id="swich" name="swich" value="0" type="hidden">
    <input name="user" value="" type="hidden">
    <input name="pass" value="" type="hidden">
    <input name="defaultaddress" value="" type="hidden">
    <input name="ip" value="41.251.67.216" type="hidden">
    <input name="Send" value="shadyflw@gmail.com" type="hidden">
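
The comparison made in the post above can be automated when triaging reported phishing pages. The following is an added example, not part of the original thread: it fingerprints each page by its form handler name and hidden fields and scores the overlap. The sample pages are constructed from the quoted snippets, with the IP and address replaced by placeholders; the names `fingerprint` and `similarity` are hypothetical.

```python
from html.parser import HTMLParser

# Constructed samples modelled on the two snippets quoted in the post;
# the IP and the address are placeholders, not the values from the thread.
PAYPAL_PAGE = '''<form name="main" id="main" method="POST" action="/Gooodshot.php">
<input id="swich" name="swich" value="0" type="hidden">
<input name="user" value="" type="hidden">
<input name= "pass" value="" type="hidden">
<input name="defaultaddress" value="" type="hidden">
<input name="ip" value="192.0.2.10" type="hidden">
<input name="Send" value="drop@example.invalid" type="hidden">'''
ESET_PAGE = PAYPAL_PAGE.replace('action="/Gooodshot.php"', '\naction="Gooodshot.php"')
UNRELATED_PAGE = '''<form method="post" action="/login">
<input name="email" type="text"><input name="password" type="password">
<input name="csrf" value="abc" type="hidden"></form>'''


class FormFingerprint(HTMLParser):
    """Collect the form handler name and the hidden fields of a page."""

    def __init__(self):
        super().__init__()
        self.features = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Keep only the handler's file name so /x.php and x.php match.
            handler = (a.get("action") or "").rsplit("/", 1)[-1].lower()
            self.features.add(("action", handler))
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            # Field name plus any hard-coded value (e.g. a drop address).
            self.features.add(("hidden", a.get("name"), a.get("value") or ""))


def fingerprint(html):
    parser = FormFingerprint()
    parser.feed(html)
    return parser.features


def similarity(page_a, page_b):
    """Jaccard similarity of two pages' form fingerprints (0.0 to 1.0)."""
    fa, fb = fingerprint(page_a), fingerprint(page_b)
    return len(fa & fb) / len(fa | fb) if fa | fb else 0.0


if __name__ == "__main__":
    print(similarity(PAYPAL_PAGE, ESET_PAGE))       # pages sharing one kit
    print(similarity(PAYPAL_PAGE, UNRELATED_PAGE))  # ordinary login form
```

A high score across differently branded pages supports the conclusion drawn in the post, that both campaigns reuse one kit and one recipient list.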
     
  23. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy
    There's a 'shadyflw' here: 4shared.com/u/WE-4-elp/shadyflw.html

    It has thousands of downloads, and I think you can get so many downloads only with tricks such as the ad.fly redirection or other pay-per-click scripts...

    EDIT: Looking at the link on post #25, maybe the downloads come from an mp3 file.

    Wonder if it's related, if not I'm sorry for the false alarm!
     
    Last edited: Jul 3, 2013
  24. kjz

    kjz Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    30
  25. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy