SpywareHammer.com

SpywareHammer Security Forums => Phishing, Fraud and Spam Reporting => Topic started by: RoHe on February 29, 2012, 03:13:01 PM

Title: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on February 29, 2012, 03:13:01 PM
Don't know if anyone else has experience using Cocoon (https://getcocoon.com/) as an add-on to IE or Firefox.  It's supposedly a free "plugin that makes everything you do online secure, virus-free and private."

Well I took a chance and now I regret it!!!  :m

I registered at Cocoon earlier this week using an email address I normally reserve for personal use, eg, I use this address to send messages to myself and to bcc myself on certain outgoing emails.

Unfortunately, since signing up for Cocoon, I've been bombarded with obnoxious porno spam. I've had that email address for ~5 years and never before gotten even a single piece of spam in that mailbox.  While I can't prove Cocoon intentionally -or otherwise- shared my email address with anyone, it's very suspicious and highly coincidental that spam started arriving immediately after I signed up.  Guess I'll have to disable that email account and create a new one.

I sent a message to Cocoon with my complaint but -so far- there's been no response.

Bottom line: USE COCOON AT YOUR OWN RISK, AND DON'T GIVE THEM YOUR PRIMARY EMAIL ADDRESS!!!

 >:(

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on February 29, 2012, 05:42:42 PM
Hmm! Never even heard of it, but thanks for the warning.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on March 01, 2012, 03:12:24 PM
Quote
Unfortunately, since signing up for Cocoon, I've been bombarded with obnoxious porno spam. I've had that email address for ~5 years and never before gotten even a single piece of spam in that mailbox.
Hmmm... interesting....
I follow Cocoon (https://getcocoon.com/) on Twitter and have seen them post only reliable security related information. I'll have to dig a bit deeper. Thanks for sharing, Ron.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: 1972vet on March 01, 2012, 05:01:19 PM
I had been following a discussion about it at Wilders (http://www.wilderssecurity.com/showthread.php?t=296644) last year but lost interest after a short while. You can see, those folks evidently let it drop dead as well.

Back and forth, trial version, shareware, free version, $50 version or...whatever, it has had a time of it trying to get off the ground. Facebook even grew tired of them (http://nakedsecurity.sophos.com/2011/05/13/internet-security-and-privacy-startup-has-its-fan-page-shut-down-by-facebook-again/)...more than once.

True ground breaking applications have no such bad luck. It's either good or it aint. Giving away the whole farm sounds desperate to me. My advice...let it be.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on March 01, 2012, 11:24:59 PM
It appears that Ron is doing some troubleshooting after being contacted by Cocoon.  Let us know when the issue is resolved and if we can help.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 05, 2012, 08:37:12 PM
Update-

At Cocoon's request I ran thorough malware scans. I used Malwarebytes, Microsoft Security Essentials, and Spybot, all with latest signature updates. All scans were negative.

Also ran ShieldsUp! at grc.com to test the ZoneAlarm (free) firewall. All ports on my system are hidden and no packets were sent out when ShieldsUp! tried to ping my system.  So I think it's fair to say that my system is clean and secure.

Since disabling the Cocoon Add-On for IE last Tues, I haven't received a single additional spam message (porn or otherwise) at the address in question. There could be several explanations for this, including:

1. My ISP's filters may have identifed the porno as spam and are now blocking it before it reaches my inbox.
2. I disabled Cocoon and haven't logged into their service since last Tues.
3. It was an entirely coincidental 'drive-by' spam attack.

There may be other explanations too.  My ISP is rather obscure, so I don't think this can be blamed on spam being sent to randomly generated email addresses at @my ISP, like it might happen if this were a yahoo or hotmail account. 

Cocoon asked for copies of the porno spam ( ;d ), but I'd already deleted all of it and emptied the trash, so I couldn't provide any for their investigation.

I'm rather reluctant to test #2 (above) by re-enabling their Add-On and logging into their service to see if that triggers another round of spam. So I don't know how much further Cocoon or I can take this.  Cocoon did take my complaint seriously so I can't fault them for their concern or efforts.

Everyone here should evaluate the risks of using Cocoon for themselves. Perhaps, if someone has an unused, disposable email address and is willing to invest some effort, that might be the way to see if using their service leads to a spam attack, porno or otherwise. 

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on March 05, 2012, 09:00:26 PM
I would think logging back onto their system shouldn't be a problem. You know about the suspected problem and are ready for it. But I understand your hesitation. Do you know if they have had any other reports of this same issue?
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 06, 2012, 12:22:46 PM
Don't know if they've had other reports of this kind of problem but doubtful they'd tell me, even if they had. 

I don't want that email address spread around further than it's already gotten so that's why I'm reluctant to log in to Cocoon again, assuming that was the source of the breach.

Ron


Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on March 06, 2012, 12:33:02 PM
If you like I can hook you up with a disposable e-mail address. Then once you are done, I will kill it. That way everything else will be the same. That might be important if they need to troubleshoot further.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on March 06, 2012, 02:24:41 PM
That sounds like a good idea, Hoov.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 06, 2012, 05:43:29 PM
Hoov,
If you got a disposable address, I'd give that a try. Will I be able to access that in-box via the web with my own password?

Nothing personal, but I wouldn't want it set up to auto-forward to any of my exisiting accounts.

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on March 06, 2012, 06:20:03 PM
I have sent you a PM with the info. Give it a half hour to make all the changes in the server then you should be able to use it. If you want any of it change so it will work better with what you use, just let me know. Once you have done troubleshooting it let me know and I will smash it flat and it will cease to exist.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 07, 2012, 05:05:43 PM
I logged into Cocoon with the disposable email address last night and went surfing. Even went to a few of those sites to test it out. 
OMG!! :i :D1

As of this morning, no spam of any kind in that mail box...

I did notice the Dell forum wouldn't let me log in while the Cocoon Add-On was running.

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on March 07, 2012, 05:33:09 PM
 :ROLF

I guess it was a fluke? Did you irritate someone with your e-mail address?
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on March 07, 2012, 05:38:24 PM
Ron, did you let Cocoon know, just in case they are still investigating?

Quote
I did notice the Dell forum wouldn't let me log in while the Cocoon Add-On was running.
Ghostery sees two trackers at Dell Community -- one of those is also reported by NoScript.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 07, 2012, 06:53:36 PM
I don't share that email address, so I would have to have annoyed my evil self.  :LOL

I'll wait another day or so before I respond to Cocoon, but I will follow up with them.

Not sure what is meant by:

"Ghostery sees two trackers at Dell Community -- one of those is also reported by NoScript."

Ron, did you let Cocoon know, just in case they are still investigating?
 Ghostery sees two trackers at Dell Community -- one of those is also reported by NoScript.

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on March 07, 2012, 10:16:06 PM
Quote
Not sure what is meant
Info here:
Ghostery (http://www.ghostery.com/)
No-Script (http://noscript.net/)
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: RoHe on March 09, 2012, 03:17:23 PM
Only 2 messages ever appeared in the disposable email address in-box and both were from Cocoon.

The first was a "Welcome to Cocoon" message. The second from them was a message about fixing a problem some users were having with Cocoon. (I didn't experience that particular problem.)

So the results are, at best, inconclusive because I don't know if the ISP hosting the disposable email account was flitering out any spam before it landed in the in-box. 

Since the initial torrent of spam to my personal address, there's been no more. To be clear, I haven't logged in with that address since the spam appeared.  Curiously, I never received their email about fixing that problem at my personal email address. Don't know what that means.

I'll relay my findings to Cocoon and the disposable email account can be closed.

:ty

Ron
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Hoov on March 09, 2012, 04:16:07 PM
The e-mail server does ZERO filtering. I have it set that way because I do all my own filtering locally. So you can be assured anything addressed to that e-mail and sent made it.

I will leave the account open till you here back from Cocoon. That way if you need to do some testing you can. It costs nothing.
Title: Re: Cocoon - "A better way to browse" - NOT!!!!!
Post by: Bugbatter on April 04, 2012, 06:44:01 AM
Ron,
Has this issue been resolved with Cocoon? If so, can you share the outcome here so that the public can decide whether or not it wants to support Cocoon?