Sign in to follow this  
Followers 0
Wazoo

SpamCop does not send virus

21 posts in this topic

Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that

address in your SpamCop account, it a new variant of a virus mailing. Please

just delete it, do not execute it. The mail system is on automatic AV dat

updates and will have new updates as soon as the AV company posts them *but*

there is always a gap between the release of a new virus and the AV dat file

updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I

thought I would mention it for those of us who sometimes read our email with

most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...

Edited by Wazoo

Share this post


Link to post
Share on other sites

no updates yet as to whether or not the anti-virus updates have been written / supplied / installed ... just a lot more complaints about the increasing flow of these damn things from all around the world.

Share this post


Link to post
Share on other sites

There's a new virus called Beagle-J which has such effects. I told that to Jeff already. I received an email to my Spamcop account containing this virus.

Dimitris

Share this post


Link to post
Share on other sites

Well, there's actually several "new" nasties running around, that's the reason for this Topic ... that folks were receiving e-mail allegedly from SpamCop specifically, but as said in my last, it's happening all over the world, lowlife scum taking advantage of what once was a nice thing, letting the sender know that their e-mail didn't make it through .. so not only the scanning engines are needing updates, they're causing more ISPs to add to the list of banned file type/name attachments, and causing more issues to those that used to rely on e-mail in general ....

Share this post


Link to post
Share on other sites

Well, it seems that there are still new variants being created, so the virus scanning database is still behind the powercurve. Just reporting the obvious to move this back up towrds the front of the list.

Share this post


Link to post
Share on other sites

JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks!

Share this post


Link to post
Share on other sites
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?

you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

Lukas

Share this post


Link to post
Share on other sites
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D

I'd need lots more than ten slots to make that happen, and they wouldn't cover the following:

  • email sent directly to my spamcop.net account
  • email sent through strict forwarders, like bigfoot, sneakemail, and spammotel
  • email forwarded through systems that are too messed up to allow changes, like mailandnews

Share this post


Link to post
Share on other sites
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D
Is that "different AV-System" similar to the one described edtnps84]here?

Share this post


Link to post
Share on other sites
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan :D
Is that "different AV-System" similar to the one described edtnps84]here?

I don't think so. It seems to block everything it is unable to scan.

I discovered this because emails with an unencrypted archive (split up in 2 volumes) got lost through Spamcop-POP. (Blocked by AV). When forwarded to my Spamcop account the same mails got through without problem.

(I'd prefer to have options... and to get everything not positively identified as a virus...)

Share this post


Link to post
Share on other sites

I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one.

I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it.

I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious...

Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this:

"Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam."

_________________________entire spam received, including headers____________________

From: harvestbug[at]admin.spamcop.net

Subject: SpamCop security breach

Date: 14 August 2004 9:55:12 AM

To: clytie[at]riverland.net.au

Return-Path: <harvestbounces[at]admin.spamcop.net>

Delivered-To: clytie[at]riverland.net.au

Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000

Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000

Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700

Precedence: list

Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net>

X-Mailer: http://www.spamcop.net/ v1.370

Hello SpamCop user (or recipient of SpamCop reports),

We appologize for this email, but we felt it was important to let you know

of a recent security bug in the SpamCop codebase.

This problem was fixed within hours of its discovery, but unfortunately

your address was among the very small number that was revealed before

we were able to resolve the problem.

We want you to know that security remains our highest priority. We are

always working to ensure that your account information remains secure.

Please accept our sincere appologies for this serious oversight. If you

have any questions, comments or concerns you may reply to this email to

reach a SpamCop representative.

Thank you for your understanding,

- SpamCop management

______________________________end of pasted message___________________________

Share this post


Link to post
Share on other sites

I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.

Share this post


Link to post
Share on other sites
I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail.  Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.

Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush>

from Clytie

Share this post


Link to post
Share on other sites

Submission of spam by e-mail results in an e-mail that includes links to a reporting page. Thus your requested statement and definition of "any e-mail from SpamCop" includes normal traffic to/from the SpamCop servers.

Share this post


Link to post
Share on other sites

Ah, thanks. :) I was having trouble working that one out.

It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes.

I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop.

from Clytie

Share this post


Link to post
Share on other sites

My ISP detected this one

**************************************

EARTHLINK VIRUS BLOCKER MESSAGE STATUS

**************************************

MESSAGE QUARANTINED

Virus Detected: Malformed container violation

Message Details:

  From: mailreport <at> spamcop.net

  To: wroberts <at> spamcop.net

  Subject: Held Mail Report

  Date: 23 Sep 2004 09:19:33 -0000

EarthLink Virus Blocker has quarantined a message sent to

you because it contains a virus that cannot be removed or

disabled.

Quarantined messages are automatically deleted three days

after they are received.

To learn how to access quarantined messages, visit:

http://www.earthlink.net/myaccount/help/vi...ker/#quarantine

*******************

Powered by Symantec

*******************

Is this the same problem? I didn't get my held mail report.

Share this post


Link to post
Share on other sites

Bill:

I would definitely retreive that message and bring this to the attention of the deputies as I'm sure they would like to know why a text only list of messages was tagged as a virus. What virus did it detect?

Bringing it to the attention of Earthlink would not be a bad idea either.

Share this post


Link to post
Share on other sites
My ISP detected this one

Is this the same problem?  I didn't get my held mail report.

No...it's probably a bug with the "Earthlink Virus Blocker" -- which didn't like the format of your Held Mail report and so it treated it like a virus. Whether or not the "container" was "malformed" is something you might need to address with the SpamCop administration and/or Earthlink (good luck!), but I wonder if you can "whitelist" the Held Mail reports and if that will override their "Virus Blocker" (probably not).

DT

Edited by DavidT

Share this post


Link to post
Share on other sites
Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that

address in your SpamCop account, it a new variant of a virus mailing. Please

just delete it, do not execute it. The mail system is on automatic AV dat

updates and will have new updates as soon as the AV company posts them *but*

there is always a gap between the release of a new virus and the AV dat file

updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I

thought I would mention it for those of us who sometimes read our email with

most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...

3148[/snapback]

Hi there,

I've just received an email from staff[at]spamcop.net and I now have 'Play Casino Online' on my desktop which refers me to a premium rate number. Does anyone have any recommendable software to remove this.

cheers,

Raj

---------------

My Webpage

Share this post


Link to post
Share on other sites

Oooops, it probably loaded some malware and/or viruses...I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0