malware - COMODO HIPS firewall spamming me

08
2014-07
  • Luke Bennett

    I recently set up my Windows system with a Comodo Firewall. The only issue is, whenever I install/run a program that needs to either connect to a specific port or modify a reg key, Comodo goes nuts and requests my authentication for EVERY single behavior within its boot process.

    So for example, if I run the program 'legitcheck.hta' for the first time, it will send me at LEAST 20 requests to allow its various connections and/or privileged modifications.

    A lot of the time, I just want to be able to click 'Allow all modifications by program x'.

    Could anyone help me out? I'm super impressed with a lot of the options Comodo provides, but this one is a game breaker.

    The worst thing is it makes a sound every time it asks me!

  • Answers
  • anonman

    See http://help.comodo.com/topic-72-1-284-2969-.html

    - How to make exceptions for programs -

    Click on the 'Define a New Trusted Application' link in Firewall Tasks. A dialog box appears prompting you to select the application you want to trust. Click the 'Select' button. You now have 3 methods available to choose the application that you want to trust - 'File Groups', 'Running Processes' and 'Browse...'.

    File Groups - Choosing this option allows you to choose your application from a category of pre-set files or folders. For example, selecting 'Executables' would enable you to create an allow rule for any file that attempts to connect to the Internet with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl. Other such categories available include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' and so on - each of which provide a fast and convenient way to batch select important files and folders.

    Running Processes - As the name suggests, this option allows you to choose the target application from a list of processes that are currently running on your PC.

    Browse... - This option is the easiest for most users and simply allows you to browse to the location of the application which you want to trust.

    When you have chosen the application using one of the methods above, the application name appears along with its location. Click 'Apply' to confirm your choice.


  • Related Question

    anti virus - Why did my friends get spams from my email?
  • puri

    Recently I got an email with a subject like "Delivery Status Notification (Failure)". It had been initially sent to my friend's old email account. The content inside that failed email was obviously that of a spam email. I wonder if some viruses infected my machine, but either Kaspersky or AVG (free version) is installed on my two PCs and a notebook, and it is doing fine.

    My theory is that one of my friends' computers instead got some viruses and they generated such emails from a random email address to the rest of the hacked address book. Is this possible? What are your theories?

    UPDATE: All the spam things have stopped since the day I posted this question. Now I wonder if my theory above is technically possible. If so, mine should not be the first and the case must be well-documented somewhere.


  • Related Answers
  • MPritch

    You've hit the nail right on the head there. Many viruses send spam from an address in the address book of the infected machine. Sending messages from a known person is good to con people into opening the virus and infecting another machine. 'Oh look, Puri has sent me some pictures'. Also, using random users, rather than the email of the infected person, prevents the infected machine from being easily identified.

  • mas

    Unless the sending mail-server (e.g. the one operated by an ISP or webmail service) checks it, an email can be sent with the From: address set to any valid address.

    A recipient has to check the routing (Received: from) information in the email header to see whether this source is likely. Some emails also have Received-SPF: and Authentication-Results: entries that may add to or detract from the credibility of the claimed origin.
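
The header check described in the answer above, as an added example that is not part of the original thread: it reads the From: domain, the Received: chain, Received-SPF: and Authentication-Results: from a message and lists reasons to doubt the claimed origin. The sample message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail claiming to be from Charlie, relayed by unrelated hosts.
SAMPLE = """\
Return-Path: <charlie@example.com>
Received: from mail.bulk.example.net (mail.bulk.example.net [203.0.113.7])
\tby mx.example.org with ESMTP; Tue, 08 Jul 2014 10:00:02 +0000
Received: from alice-pc (unknown [198.51.100.23])
\tby mail.bulk.example.net with SMTP; Tue, 08 Jul 2014 10:00:00 +0000
Received-SPF: fail (mx.example.org: 203.0.113.7 is not permitted for example.com)
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=charlie@example.com; dkim=none
From: Charlie <charlie@example.com>
To: Bob <bob@example.org>
Subject: pictures

hello
"""

def relay_hosts(msg):
    """Host names claimed in 'Received: from <host>' lines, newest hop first."""
    found = (re.match(r"\s*from\s+(\S+)", v) for v in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m]

def auth_verdicts(msg):
    """First spf/dkim/dmarc result recorded in Authentication-Results headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def assess(raw):
    """Return (From domain, list of reasons to doubt the claimed origin)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    findings = [] if spf == "pass" else [f"Received-SPF: {spf}"]
    findings += [f"{m}={r}" for m, r in sorted(auth_verdicts(msg).items()) if r != "pass"]
    # Hint only: hops below your own server's Received line can be forged,
    # and many domains legitimately relay through a provider's hosts.
    if not any(h == domain or h.endswith("." + domain) for h in relay_hosts(msg)):
        findings.append(f"no Received hop names {domain}")
    return domain, findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Received-SPF: and Authentication-Results: lines carry weight only when they were added by the recipient's own mail server, since a sender can insert lookalike headers of their own.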

  • harrymc

    Everything is possible, since virus writers have lately become quite creative.
    I wouldn't discard the possibility that this is all happening inside your own computer, meaning that it's you that's infected. Run antivirus and adware scans on your computer and maybe use a couple of online virus scans supplied by some of the better-known companies (google "online antivirus scan").

  • Brad Patton

    It's called email spoofing.

    The technique is now used ubiquitously by bulk email software as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for email addresses within the address book of a mail client, and use those addresses in the From field of emails that they send, so that these emails appear to have been sent by the third party. For example:

    Alice is sent an infected email and then the email is opened, triggering propagation. The worm finds the addresses of Bob and Charlie within Alice's address book. From Alice's computer, the worm sends an infected email to Bob, but the email appears to have been sent by Charlie.