SpamCop does not send virus


20 replies to this topic

#1 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 03 March 2004 - 09:59 AM

Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that address in your SpamCop account, it is a new variant of a virus mailing. Please just delete it, do not execute it. The mail system is on automatic AV dat updates and will have new updates as soon as the AV company posts them *but* there is always a gap between the release of a new virus and the AV dat file updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I thought I would mention it for those of us who sometimes read our email with most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...

Edited by Wazoo, 03 March 2004 - 10:34 AM.


#2 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 04 March 2004 - 09:16 AM

no updates yet as to whether or not the anti-virus updates have been written / supplied / installed ... just a lot more complaints about the increasing flow of these damn things from all around the world.

#3 enigma

enigma

    Member

  • Members
  • 38 posts

Posted 04 March 2004 - 09:28 AM

There's a new virus called Beagle-J which has such effects. I told that to Jeff already. I received an email to my Spamcop account containing this virus. Dimitris

#4 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 04 March 2004 - 10:37 AM

Well, there's actually several "new" nasties running around, that's the reason for this Topic ... that folks were receiving e-mail allegedly from SpamCop specifically, but as said in my last, it's happening all over the world, lowlife scum taking advantage of what once was a nice thing, letting the sender know that their e-mail didn't make it through .. so not only the scanning engines are needing updates, they're causing more ISPs to add to the list of banned file type/name attachments, and causing more issues to those that used to rely on e-mail in general ....

#5 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 05 March 2004 - 11:45 AM

Well, it seems that there are still new variants being created, so the virus scanning database is still behind the powercurve. Just reporting the obvious to move this back up towards the front of the list.

#6 Jeff G.

Jeff G.

    T-shirt wearing out

  • Membersph
  • 3,730 posts

Posted 06 March 2004 - 02:52 AM

JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks!
Best Regards, Jeff G. (full signature)

#7 Lukas

Lukas

    Member

  • Members
  • 29 posts

Posted 06 March 2004 - 03:26 AM

can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?


you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

Lukas

#8 Jeff G.

Jeff G.

    T-shirt wearing out

  • Membersph
  • 3,730 posts

Posted 06 March 2004 - 03:40 AM

can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?

you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

I'd need lots more than ten slots to make that happen, and they wouldn't cover the following:
  • email sent directly to my spamcop.net account
  • email sent through strict forwarders, like bigfoot, sneakemail, and spammotel
  • email forwarded through systems that are too messed up to allow changes, like mailandnews

Best Regards, Jeff G. (full signature)

#9 Jeff G.

Jeff G.

    T-shirt wearing out

  • Membersph
  • 3,730 posts

Posted 06 March 2004 - 01:23 PM

can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?

you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

Is that "different AV-System" similar to the one described here?
Best Regards, Jeff G. (full signature)

#10 Lukas

Lukas

    Member

  • Members
  • 29 posts

Posted 08 March 2004 - 03:58 PM

can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?

you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

Is that "different AV-System" similar to the one described here?

I don't think so. It seems to block everything it is unable to scan.
I discovered this because emails with an unencrypted archive (split up in 2 volumes) got lost through Spamcop-POP. (Blocked by AV). When forwarded to my Spamcop account the same mails got through without problem.

(I'd prefer to have options... and to get everything not positively identified as a virus...)
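
An added example (not part of the original posts or of SpamCop's mail system) of the two behaviours discussed in posts #6 and #10: an optional filter for password-protected .ZIP attachments, and a stricter rule that holds anything the scanner cannot open, such as one volume of a split archive. The function names, option names and sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def classify_zip(data: bytes) -> str:
    """Return 'encrypted', 'unscannable' or 'scannable' for raw ZIP bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of a member's general-purpose flag means it is encrypted.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "encrypted"
            return "scannable"
    except zipfile.BadZipFile:
        # For example one volume of a split archive: no end-of-central-directory record.
        return "unscannable"

def filter_message(raw: bytes, block_encrypted: bool, block_unscannable: bool) -> str:
    """Apply the two optional per-user rules to every .zip attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        verdict = classify_zip(part.get_payload(decode=True))
        if verdict == "encrypted" and block_encrypted:
            return "held: password-protected zip"
        if verdict == "unscannable" and block_unscannable:
            return "held: unscannable zip"
    return "delivered"

def sample_zip(mark_encrypted: bool = False) -> bytes:
    """Constructed sample: a tiny ZIP, optionally with the encrypted flag set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        data[data.find(b"PK\x01\x02") + 8] |= 0x1  # flag field of the central-directory entry
    return bytes(data)

def sample_mail(zip_bytes: bytes) -> bytes:
    """Constructed sample: a message carrying zip_bytes as doc.zip."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

With both options off, every sample is delivered; turning on only `block_encrypted` holds the flagged archive while still letting the truncated volume through, which is the per-user choice both posters ask for.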

#11 clytie

clytie

    Member

  • Members
  • 11 posts

Posted 13 August 2004 - 08:05 PM

I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one.

I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it.

I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious...

Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this:

"Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam."

_________________________entire spam received, including headers____________________

From: harvestbug[at]admin.spamcop.net
Subject: SpamCop security breach
Date: 14 August 2004 9:55:12 AM
To: clytie[at]riverland.net.au
Return-Path: <harvestbounces[at]admin.spamcop.net>
Delivered-To: clytie[at]riverland.net.au
Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700
Precedence: list
Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net>
X-Mailer: http://www.spamcop.net/ v1.370

Hello SpamCop user (or recipient of SpamCop reports),

We appologize for this email, but we felt it was important to let you know
of a recent security bug in the SpamCop codebase.

This problem was fixed within hours of its discovery, but unfortunately
your address was among the very small number that was revealed before
we were able to resolve the problem.

We want you to know that security remains our highest priority. We are
always working to ensure that your account information remains secure.

Please accept our sincere appologies for this serious oversight. If you
have any questions, comments or concerns you may reply to this email to
reach a SpamCop representative.

Thank you for your understanding,

- SpamCop management
______________________________end of pasted message___________________________
Clytie Siddall - Renmark, in the Riverland of South Australia

#12 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 14 August 2004 - 12:52 AM

I just posted some commentary over in http://forum.spamcop...?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.

#13 clytie

clytie

    Member

  • Members
  • 11 posts

Posted 14 August 2004 - 04:48 AM

I just posted some commentary over in http://forum.spamcop...?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail.  Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.


Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush>

from Clytie
Clytie Siddall - Renmark, in the Riverland of South Australia

#14 Wazoo

Wazoo

    What Life?

  • Forum Admin
  • 13,198 posts

Posted 14 August 2004 - 05:37 AM

Submission of spam by e-mail results in an e-mail that includes links to a reporting page. Thus your requested statement and definition of "any e-mail from SpamCop" includes normal traffic to/from the SpamCop servers.

#15 clytie

clytie

    Member

  • Members
  • 11 posts

Posted 14 August 2004 - 06:54 PM

Ah, thanks. :) I was having trouble working that one out. It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes. I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop.

from Clytie
Clytie Siddall - Renmark, in the Riverland of South Australia

#16 Bill Roberts

Bill Roberts

    Member

  • Members
  • 18 posts

Posted 23 September 2004 - 08:34 AM

My ISP detected this one

**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: Malformed container violation

Message Details:
From: mailreport <at> spamcop.net
To: wroberts <at> spamcop.net
Subject: Held Mail Report
Date: 23 Sep 2004 09:19:33 -0000

EarthLink Virus Blocker has quarantined a message sent to
you because it contains a virus that cannot be removed or
disabled.

Quarantined messages are automatically deleted three days
after they are received.

To learn how to access quarantined messages, visit:

http://www.earthlink...ker/#quarantine

*******************
Powered by Symantec
*******************

Is this the same problem? I didn't get my held mail report.

#17 StevenUnderwood

StevenUnderwood

    What Life?

  • Membersph
  • 5,215 posts

Posted 23 September 2004 - 09:23 AM

Bill: I would definitely retrieve that message and bring this to the attention of the deputies as I'm sure they would like to know why a text only list of messages was tagged as a virus. What virus did it detect? Bringing it to the attention of Earthlink would not be a bad idea either.
Steven P. Underwood, DNRC
Whitinsville, MA
StevenPUnderwood[at]gmail.com

-No trees were killed in the sending of this message. However, a large number of electrons were terribly inconvenienced.-

#18 DavidT

DavidT

    Been There

  • Memberp
  • 2,391 posts

Posted 23 September 2004 - 09:27 AM

My ISP detected this one
Is this the same problem?  I didn't get my held mail report.

No...it's probably a bug with the "Earthlink Virus Blocker" -- which didn't like the format of your Held Mail report and so it treated it like a virus. Whether or not the "container" was "malformed" is something you might need to address with the SpamCop administration and/or Earthlink (good luck!), but I wonder if you can "whitelist" the Held Mail reports and if that will override their "Virus Blocker" (probably not).

DT

Edited by DavidT, 23 September 2004 - 09:28 AM.


#19 lia01reg

lia01reg

    Newbie

  • Members
  • 1 posts

Posted 11 April 2006 - 01:14 PM

Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that
address in your SpamCop account, it a new variant of a virus mailing. Please
just delete it, do not execute it. The mail system is on automatic AV dat
updates and will have new updates as soon as the AV company posts them *but*
there is always a gap between the release of a new virus and the AV dat file
updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I
thought I would mention it for those of us who sometimes read our email with
most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...



Hi there,

I've just received an email from staff[at]spamcop.net and I now have 'Play Casino Online' on my desktop which refers me to a premium rate number. Does anyone have any recommendable software to remove this?

cheers,

Raj

---------------
My Webpage

#20 dra007

dra007

    Been There

  • Memberp
  • 1,561 posts

Posted 11 April 2006 - 01:28 PM

Oooops, it probably loaded some malware and/or viruses...I suggest you try any of the free software and/or web run removal tools you can find... a simple google should direct you to the right places..



