Mailtracking/hacking - can Nod prevent this?

Discussion in 'ESET NOD32 Antivirus' started by IvanFraser, May 21, 2008.

Thread Status:
Not open for further replies.
  1. IvanFraser

    IvanFraser Registered Member

    Joined:
    Feb 3, 2008
    Posts:
    14
    For reasons of privacy, I don't want people to know when and how often I access mails on my pc. However this software ht tp://www.mailtracking.com/mailtracking/about.asp can be used to tell the sender all these things and more.

    I recently got a mail from a friend using it and was shocked to see that he knew I was at the pc because he was alerted by mailtracking that I had accessed his email, for how long, when, what my IP address is etc!

    I checked the mail and found the following code, which when opened sends details to the server every few seconds:

    <DIV alt="bi5c876wr3yht1."><PRE>&nbsp;</PRE><PRE><BR><IMG height=1 alt="" src="http://www.bi5c876wr3yht8.MailTracking.com/nocache/bi5c876wr3yht9/footer0.gif" width=3 lowsrc="" border=0 NOSEND="1" moz-do-not-send="true"><IMG height=1 alt="" width=2 lowsrc=http://www.mailtracking.com/ca/rspr47.gif border=0 moz-do-not-send="true"><BGSOUND src="https://tssls.bi5c876wr3yhtv.MailTracking.com/nocache/bi5c876wr3yhtv/rspr47.wav" volume=-10000 Alt="" Lowsrc="">
    </PRE>
    <TABLE height=1 width=3 border=0>
    <TBODY>
    <TR>
    <TD
    background=http://0312.157.34104/nocache/bi5c876wr3yhtP/rspr47.gif></TD></TR></TBODY></TABLE><IFRAME
    style="BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; WIDTH: 0px; BORDER-BOTTOM: 0px; HEIGHT: 0px"
    src="http://www.bi5c876wr3yhto.MailTracking.com/ifrm?bi5c876wr3yhtp=2"
    frameBorder=0 width=1 height=1></IFRAME></DIV>


    So, does anyone know a way to block communications with these things from within Outlook using NOD32 v3?

    I am aware that using Outlook in Plain Text view will do this, but I get so many formatted HTML mails which are ruined by converting to PT, I would rather find a security measure such as NOD to specifically scupper these things and allow me to still view HTML mails.

    Many thanks

    Ivan
     
    Last edited by a moderator: May 21, 2008
  2. IvanFraser

    IvanFraser Registered Member

    Joined:
    Feb 3, 2008
    Posts:
    14
    Ha!

    Just added *mailtracking.com* wildcard to the blocked HTTP addresses in NOD, and it appears to be doing the job - came up with a 'blocked' alert for all 3 addys embedded in the mail when I forwarded it back to me and when I opened the mail as an HTML webpage.

    Great, as far as it goes. But I wonder how many other similar progs there are out there being used to spy on us?

    Ivan
     
  3. Gez

    Gez Registered Member

    Joined:
    Jan 15, 2006
    Posts:
    65
    Location:
    Ireland
    Two that I know of are readnotify.com and MsgTag.
    I switched from MS Outlook to the excellent Becky! Internet Mail client for a number of reasons, one of which is the ability it gives me to decide which mails to show in plain text and which to show in HTML. I recommend it highly as one of the best email clients I've tried.
     
  4. IvanFraser

    IvanFraser Registered Member

    Joined:
    Feb 3, 2008
    Posts:
    14
    Thanks for the feedback, but I'm a keen Outlook user, having used it for years integrated with various bits of kit.

    I'm contacting the support of a programme that is supposed to strip this kind of code from emails - Benign, by Firetrust, the same people that do Mailwasher - to see why it doesn't work on this particular company's coding.

    If I find that there's just an error or glitch with my Benign, and I can have it fixed, then all will be fine.

    I'm just amazed and annoyed that this programme, that I was running for years, assuming it was disabling this kind of thing, hasn't been - at least in the case of mailtracking.com.

    Ivan
     
  5. IvanFraser

    IvanFraser Registered Member

    Joined:
    Feb 3, 2008
    Posts:
    14
    heh - seem to be talking to myself a lot :D

    Anyhoo - despite Nod telling me it was blocking the embedded addresses with mailtracking.com in them, my friend on the other side was notified immediately when I opened the email that he sent recently.

    A bit stumped now.

    Still waiting for Firetrust to get back re their Benign programme's failure to do its job of stripping out tracking code though :rolleyes:

    Ivan
     
  6. Gez

    Gez Registered Member

    Joined:
    Jan 15, 2006
    Posts:
    65
    Location:
    Ireland
    I'm no expert on this but is it possible the notification to the mailtracking server is embedded in the HTTPS wav file? That would probably bypass Benign, not to mention NOD. If so, one solution would be to set up your software firewall to block outgoing HTTPS traffic from your mail client.
     
    Last edited: May 22, 2008
  7. IvanFraser

    IvanFraser Registered Member

    Joined:
    Feb 3, 2008
    Posts:
    14
    Yes Gez, I agree.

    I wonder if this subject has any interest. I have highlighted a hacking company that can log people's email viewing, time, duration, forwarding IP etc. at the click of a mouse.

    It can also create self-destructing emails that the user can cause to be deleted and disable copying and forwarding.

    I think this is a huge infringement of privacy for everyone. It is spyware by nature if not by name, and hacking - legally.

    All the user has to do to gain mastery over what is in YOUR computer, is sign up with this Mailtracking company and add mailtracking.com to their emails. You would never know.

    Everyone is vulnerable.

    Nobody but you however seems bothered.

    I will be trying to sort it. CS At Benign are still on the case. We'll see.

    Thanks for your input.

    Ivan
     
Thread Status:
Not open for further replies.