Full Version: SpamCop does not send virus
Wazoo
Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that
address in your SpamCop account, it is a new variant of a virus mailing. Please
just delete it, do not execute it. The mail system is on automatic AV dat
updates and will have new updates as soon as the AV company posts them *but*
there is always a gap between the release of a new virus and the AV dat file
updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I
thought I would mention it for those of us who sometimes read our email with
most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...
Wazoo
no updates yet as to whether or not the anti-virus updates have been written / supplied / installed ... just a lot more complaints about the increasing flow of these damn things from all around the world.
enigma
There's a new virus called Beagle-J which has such effects. I told that to Jeff already. I received an email to my Spamcop account containing this virus.

Dimitris
Wazoo
Well, there's actually several "new" nasties running around, that's the reason for this Topic ... that folks were receiving e-mail allegedly from SpamCop specifically, but as said in my last, it's happening all over the world, lowlife scum taking advantage of what once was a nice thing, letting the sender know that their e-mail didn't make it through .. so not only the scanning engines are needing updates, they're causing more ISPs to add to the list of banned file type/name attachments, and causing more issues to those that used to rely on e-mail in general ....
Wazoo
Well, it seems that there are still new variants being created, so the virus scanning database is still behind the powercurve. Just reporting the obvious to move this back up towards the front of the list.
Jeff G.
JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks!
Lukas
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?


you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

Lukas
Jeff G.
QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

I'd need lots more than ten slots to make that happen, and they wouldn't cover the following:
  • email sent directly to my spamcop.net account
  • email sent through strict forwarders, like bigfoot, sneakemail, and spammotel
  • email forwarded through systems that are too messed up to allow changes, like mailandnews
Jeff G.
QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D
Is that "different AV-System" similar to the one described here?
Lukas
QUOTE(JeffG @ Mar 6 2004, 07:23 PM)
QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D
Is that "different AV-System" similar to the one described here?

I don't think so. It seems to block everything it is unable to scan.
I discovered this because emails with an unencrypted archive (split up in 2 volumes) got lost through Spamcop-POP. (Blocked by AV). When forwarded to my Spamcop account the same mails got through without problem.

(I'd prefer to have options... and to get everything not positively identified as a virus...)
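
The three filtering behaviours discussed in the posts above, as an added example (not part of the thread and not SpamCop's code): dropping everything that cannot be scanned, dropping only password-protected ZIPs, and delivering anything not positively identified. The policy names, addresses and sample attachments are constructed for illustration, and "scannable" here only means the archive opens unencrypted; no AV engine is run.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Which verdicts each policy discards (policy names are made up for this example).
POLICIES = {
    "block_unscannable": {"encrypted", "unscannable"},  # the POP path Lukas describes
    "block_encrypted_zip": {"encrypted"},               # the optional filter Jeff asks for
    "deliver_unless_identified": set(),                 # Lukas's stated preference
}

def classify_zip(payload):
    """Return 'scannable', 'encrypted' or 'unscannable' for one ZIP attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Bit 0 of an entry's general-purpose flags marks it as encrypted.
            if any(info.flag_bits & 0x01 for info in zf.infolist()):
                return "encrypted"
            return "scannable"
    except zipfile.BadZipFile:
        return "unscannable"  # e.g. a single volume of a split archive

def filter_message(raw, policy_name):
    """Return {filename: 'deliver' | 'block'} for the .zip attachments in raw."""
    blocked = POLICIES[policy_name]
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): "block" if classify_zip(part.get_content()) in blocked else "deliver"
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(".zip")
    }

def build_sample():
    """Constructed message: a plain ZIP, an 'encrypted' ZIP and a truncated ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    plain = buf.getvalue()
    locked = bytearray(plain)
    locked[locked.index(b"PK\x03\x04") + 6] |= 0x01  # local header flag byte
    locked[locked.index(b"PK\x01\x02") + 8] |= 0x01  # central directory flag byte
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "sample"
    msg.set_content("constructed test message")
    for name, data in (("plain.zip", plain), ("locked.zip", bytes(locked)),
                       ("volume1.zip", plain[: len(plain) // 2])):
        msg.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()
```

The truncated `volume1.zip` stands in for the unencrypted split archive that was lost on the POP path: it is blocked only by the strictest policy, while the optional encrypted-ZIP filter lets it through.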
clytie
I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one.

I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it.

I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious...

Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this:

"Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam."

_________________________entire spam received, including headers____________________

From: harvestbug[at]admin.spamcop.net
Subject: SpamCop security breach
Date: 14 August 2004 9:55:12 AM
To: clytie[at]riverland.net.au
Return-Path: <harvestbounces[at]admin.spamcop.net>
Delivered-To: clytie[at]riverland.net.au
Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700
Precedence: list
Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net>
X-Mailer: http://www.spamcop.net/ v1.370

Hello SpamCop user (or recipient of SpamCop reports),

We appologize for this email, but we felt it was important to let you know
of a recent security bug in the SpamCop codebase.

This problem was fixed within hours of its discovery, but unfortunately
your address was among the very small number that was revealed before
we were able to resolve the problem.

We want you to know that security remains our highest priority. We are
always working to ensure that your account information remains secure.

Please accept our sincere appologies for this serious oversight. If you
have any questions, comments or concerns you may reply to this email to
reach a SpamCop representative.

Thank you for your understanding,

- SpamCop management
______________________________end of pasted message___________________________
Wazoo
I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.
clytie
QUOTE(Wazoo @ Aug 14 2004, 03:22 PM)
I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail.  Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.


Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush>

from Clytie
Wazoo
Submission of spam by e-mail results in an e-mail that includes links to a reporting page. Thus your requested statement and definition of "any e-mail from SpamCop" includes normal traffic to/from the SpamCop servers.
clytie
Ah, thanks. :) I was having trouble working that one out.

It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes.

I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop.

from Clytie
Bill Roberts
My ISP detected this one
QUOTE
**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: Malformed container violation

Message Details:
  From: mailreport <at> spamcop.net
  To: wroberts <at> spamcop.net
  Subject: Held Mail Report
  Date: 23 Sep 2004 09:19:33 -0000

EarthLink Virus Blocker has quarantined a message sent to
you because it contains a virus that cannot be removed or
disabled.

Quarantined messages are automatically deleted three days
after they are received.

To learn how to access quarantined messages, visit:

http://www.earthlink.net/myaccount/help/vi...ker/#quarantine

*******************
Powered by Symantec
*******************

Is this the same problem? I didn't get my held mail report.
StevenUnderwood
Bill:

I would definitely retrieve that message and bring this to the attention of the deputies as I'm sure they would like to know why a text only list of messages was tagged as a virus. What virus did it detect?

Bringing it to the attention of Earthlink would not be a bad idea either.
DavidT
QUOTE(Bill Roberts @ Sep 23 2004, 06:34 AM)
My ISP detected this one
Is this the same problem?  I didn't get my held mail report.

No...it's probably a bug with the "Earthlink Virus Blocker" -- which didn't like the format of your Held Mail report and so it treated it like a virus. Whether or not the "container" was "malformed" is something you might need to address with the SpamCop administration and/or Earthlink (good luck!), but I wonder if you can "whitelist" the Held Mail reports and if that will override their "Virus Blocker" (probably not).

DT
lia01reg
QUOTE(Wazoo @ Mar 3 2004, 09:59 AM)
Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that
address in your SpamCop account, it is a new variant of a virus mailing. Please
just delete it, do not execute it. The mail system is on automatic AV dat
updates and will have new updates as soon as the AV company posts them *but*
there is always a gap between the release of a new virus and the AV dat file
updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I
thought I would mention it for those of us who sometimes read our email with
most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...

Hi there,

I've just received an email from staff[at]spamcop.net and I now have 'Play Casino Online' on my desktop which refers me to a premium rate number. Does anyone have any recommendable software to remove this.

cheers,

Raj

dra007
Oooops, it probably loaded some malware and/or viruses...I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places..
turetzsr
QUOTE(dra007 @ Apr 11 2006, 02:28 PM)
<snip>
I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places..
...And/or try the "Suggested Tools and Applications" SpamCop Forum.
...Good luck!