
I saw the following detection: Python/ZoomInfo.A


According to this: https://www.virustotal.com/gui/file/2aa9f15810e2c55dbc8522e386d76d1a8fb3a63a712b33e17bd2139a7b45c76b/detection, the detection is related to ZoomInfoContactContributor.exe which Eset classifies as a Potentially Unwanted Application.

If you open your Eset Detection log, there should be an entry for the detection and what .exe Eset actually detected.

Edited by itman

For those not wanting to read the entire Medium.com article I linked above, I've summarized why you don't want Zoom Info running on your device/installation:

Quote

I was able to easily identify the scope of data that Zoom Info was taking from the network.

Zoom Info collected the following:

    Email Header Information
    Address Book Entries
    Email Signatures
    Email Contact
    Subject Lines
    Email Signatures V2
    Email Bounce Codes

Looking through the data collected, there were a few things that were particularly disturbing. The most obvious is the fact that Zoom Info is collecting email subject lines (which they claim to not do on their website). The second disturbing piece here is that Zoom Info is scraping contact information from anyone that sends an email to an infected host/person, whether they “opted” in or not. Data is being collected on people unknowingly, subject to no terms of service (TOS) or acceptable use policy (AUP), based simply on association to someone.

Seeing the access ZoomInfo had to Outlook data made me question how it was doing all this while staying under the radar of security applications.

It appears that ZoomInfo is using a DLL to gain its unfettered access to Outlook. This DLL was easily researched and its site clearly states its purpose:

Outlook Redemption works around limitations imposed by the Outlook Security Patch plus provides a number of objects and functions to work with properties and functionality not exposed through the Outlook Object Model.

The access this DLL creates is a bit much for my liking, especially in a production network.

 

Edited by itman