Dilbertic, Posted March 23, 2016

For months now this spammer keeps sending me an invoice-style email with an attachment that contains the virus JS/TrojanDownloader.Nemucod.LP trojan. My virus program always deletes it, but my question is: why is SpamCop not detecting the virus, and more so the forged sender?

Dil

lisati, Posted March 23, 2016

I take it that you have reported the emails? If so, a tracking link might be useful to help us troubleshoot.

As for the forged sender, the "From" header is notoriously unreliable as a clue to the true origin of an offending email. It has been a while since I've run my own email server, but one of the tests for suspicious emails I used for a while was to see if the From address matched the To address, on the assumption that sending an email to myself was unlikely.

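
The From-equals-recipient test from the post above, combined with a check for the zipped script attachments this thread describes, as an added Python example that is not part of the original posts. The extension list, the reason strings and the sample messages are assumptions constructed for illustration; RAR archives are not inspected because the standard library cannot read them.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed list of script types worth flagging inside an archive.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")

def addresses(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def triage(raw):
    """Return a list of reasons the raw message looks suspicious."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # A message that claims to come from its own recipient is rarely genuine.
    if addresses(msg, "From") & (addresses(msg, "To") | addresses(msg, "Cc")):
        reasons.append("from-matches-recipient")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # names only; nothing is extracted
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip:" + name)
            continue
        for member in members:
            if member.lower().endswith(SCRIPT_EXTS):
                reasons.append("script-in-zip:" + member)
    return reasons

def build_sample(sender, recipient, member_name):
    """Constructed test message: a zip attachment holding one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// placeholder, not real malware\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "Unpaid Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("me@example.org", "me@example.org", "invoice_scan.js")))
    print(triage(build_sample("shop@example.com", "me@example.org", "receipt.pdf")))
```
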
petzl, Posted March 23, 2016

> For months now this spammer keeps sending me an invoice-style email with an attachment that contains the virus JS/TrojanDownloader.Nemucod.LP trojan. My virus program always deletes it, but my question is: why is SpamCop not detecting the virus, and more so the forged sender?
>
> Dil

When SpamCop first started forwarding email, Cisco filtered it with SenderBase filtering for 12 months. This filtering has now ceased, but it still forwards without filtering.

Reporting does shut spammers down. Add to notes that it contains a virus attachment.

I forward to Gmail, which effectively separates "spam from ham" and tells you if they detect a virus (even when zipped).

Dilbertic (Author), Posted March 26, 2016

Wasn't sure which link you needed, since I posted this I am now getting 2 or 3 a day...

Here is a copy to one of the past reports:

6433222363 ( Forwarded spam ) To: spam[at]uce.gov
6433222362 ( 122.174.153.31 ) To: dsl.noctn[at]in.airtel.com
6433222361 ( 122.174.153.31 ) To: incident[at]cert-in.org.in
6433222360 ( 122.174.153.31 ) To: dslnoc.ap[at]airtel.in
6433222359 ( 122.174.153.31 ) To: techsupport[at]in.airtel.com
6433222358 ( 122.174.153.31 ) To: abuse[at]airtel.in
6433222357 ( 122.174.153.31 ) To: manas.kaul[at]in.airtel.com
6433222356 ( 122.174.153.31 ) To: postmaster[at]in.airtel.com
6433222355 ( 122.174.153.31 ) To: dsl.noc[at]airtel.in

Lking, Posted March 26, 2016

As noted in several places, the Report ID you included is only visible to you as the reporter. You should have included the TRACKING URL that is listed at the top of the screen after the spam has been processed.

> SpamCop v 4.8.3 © 2016 Cisco Systems, Inc. All rights reserved.
> Here is your TRACKING URL - it may be saved for future reference:
> https://www.spamcop.net/sc?id=z6223651099z24aec3a1a171a7531dd9af87bfae28eaz

Dilbertic (Author), Posted March 29, 2016

Sorry about that, I got about 10 of them today and another 3 now after I reported the 1st ones; seem to get more after I report them. I have been cc'ing Report Malware and vulnerabilities to DHS by e-mail at cert[at]cert.org and soc[at]us-cert.gov.

https://www.spamcop.net/sc?id=z6225216524zd52e9f783eb50087d1edf424d9afee24z
https://www.spamcop.net/sc?id=z6225217422z65ad432db9248c160700f6b1f52cbfcfz
https://www.spamcop.net/sc?id=z6225217624z6ad6d023f15fe8e85da18286b65ff988z

Guess the spammer is on a mission to send out this malware to me.

petzl, Posted March 30, 2016

> Sorry about that, I got about 10 of them today and another 3 now after I reported the 1st ones; seem to get more after I report them. I have been cc'ing Report Malware and vulnerabilities to DHS by e-mail at cert[at]cert.org and soc[at]us-cert.gov.
>
> https://www.spamcop.net/sc?id=z6225216524zd52e9f783eb50087d1edf424d9afee24z
> https://www.spamcop.net/sc?id=z6225217422z65ad432db9248c160700f6b1f52cbfcfz
> https://www.spamcop.net/sc?id=z6225217624z6ad6d023f15fe8e85da18286b65ff988z
>
> Guess the spammer is on a mission to send out this malware to me.

That's all you can do.

115.99.249.190 was sent to the wrong address; should be abuse[at]hathway.com INCIDENT[at]cert-in.org.in
https://www.spamcop.net/sc?id=z6225217624z6ad6d023f15fe8e85da18286b65ff988z

This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. last detected at 2016-03-29 17:00 GMT (+/- 30 minutes), approximately 9 hours ago.

Dilbertic (Author), Posted March 30, 2016

Thanks for the info, just think it's funny every time I report it, I get 2 or 3 more. I only used to get 1 a day, now I am up to 9 or 10 a day that I am reporting them....

Wrong Planet, Posted March 30, 2016

> Thanks for the info, just think it's funny every time I report it, I get 2 or 3 more. I only used to get 1 a day, now I am up to 9 or 10 a day that I am reporting them....

I'm in the same boat as you. I started receiving occasional emails back in late December and it has really picked up in intensity during the month of March. The subject is always something about Package Received, Order Delay, Unpaid Invoice, and the most creative one was something about a traffic camera picking me up in violation. Each email up until today has had an attached zip file. Now they're sending RAR files.

I've been reporting these things as fast as they come in but it doesn't seem to help, and I share your observation that it seems that the more I report the more I receive. I've also been forwarding this stuff to phishing-report[at]us-cert.gov.

I really hope this gets resolved soon. It's frustrating.

petzl, Posted March 30, 2016

> I'm in the same boat as you. I started receiving occasional emails back in late December and it has really picked up in intensity during the month of March. The subject is always something about Package Received, Order Delay, Unpaid Invoice, and the most creative one was something about a traffic camera picking me up in violation. Each email up until today has had an attached zip file. Now they're sending RAR files.
>
> I've been reporting these things as fast as they come in but it doesn't seem to help, and I share your observation that it seems that the more I report the more I receive. I've also been forwarding this stuff to phishing-report[at]us-cert.gov.
>
> I really hope this gets resolved soon. It's frustrating.

Botnets tend to do this: as more people create zombie/botnet computers by opening attachments/clicking links, the more they repeat sending the spam to you.

Depending how bad your email provider is, a Windows program, Mailwasher, allows you to check for spam and report it. zen.spamhaus.org is the better blocklist to use. Mailwasher just alerts you, and you can easily report and delete it from a POP server.

This topic is now archived and is closed to further replies.