Wazoo Posted March 3, 2004 Share Posted March 3, 2004 (edited) Now that we have your attention <g> From Ellen - as posted over in the newsgroups We do *not* send mail as staff[at]spamcop.net -- if you get mail from that address in your SpamCop account, it a new variant of a virus mailing. Please just delete it, do not execute it. The mail system is on automatic AV dat updates and will have new updates as soon as the AV company posts them *but* there is always a gap between the release of a new virus and the AV dat file updates so stay vigilant everyone! OTOH I am sure that our users are smart enough not to fall for this -- but I thought I would mention it for those of us who sometimes read our email with most of brain engaged elsewhere :-) Ellen And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ... Edited March 3, 2004 by Wazoo Quote Link to comment Share on other sites More sharing options...
Wazoo Posted March 4, 2004 Author Share Posted March 4, 2004 no updates yet as to whether or not the anti-virus updates have been written / supplied / installed ... just a lot more complaints about the increasing flow of these damn things from all around the world. Quote Link to comment Share on other sites More sharing options...
enigma Posted March 4, 2004 Share Posted March 4, 2004 There's a new virus called Beagle-J which has such effects. I told that to Jeff already. I received an email to my Spamcop account containing this virus. Dimitris Quote Link to comment Share on other sites More sharing options...
Wazoo Posted March 4, 2004 Author Share Posted March 4, 2004 Well, there's actually several "new" nasties running around, that's the reason for this Topic ... that folks were receiving e-mail allegedly from SpamCop specifically, but as said in my last, it's happening all over the world, lowlife scum taking advantage of what once was a nice thing, letting the sender know that their e-mail didn't make it through .. so not only the scanning engines are needing updates, they're causing more ISPs to add to the list of banned file type/name attachments, and causing more issues to those that used to rely on e-mail in general .... Quote Link to comment Share on other sites More sharing options...
Wazoo Posted March 5, 2004 Author Share Posted March 5, 2004 Well, it seems that there are still new variants being created, so the virus scanning database is still behind the powercurve. Just reporting the obvious to move this back up towrds the front of the list. Quote Link to comment Share on other sites More sharing options...
Jeff G. Posted March 6, 2004 Share Posted March 6, 2004 JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks! Quote Link to comment Share on other sites More sharing options...
Lukas Posted March 6, 2004 Share Posted March 6, 2004 can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan Lukas Quote Link to comment Share on other sites More sharing options...
Jeff G. Posted March 6, 2004 Share Posted March 6, 2004 can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan I'd need lots more than ten slots to make that happen, and they wouldn't cover the following: email sent directly to my spamcop.net account email sent through strict forwarders, like bigfoot, sneakemail, and spammotel email forwarded through systems that are too messed up to allow changes, like mailandnews Quote Link to comment Share on other sites More sharing options...
Jeff G. Posted March 6, 2004 Share Posted March 6, 2004 can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan Is that "different AV-System" similar to the one described edtnps84]here? Quote Link to comment Share on other sites More sharing options...
Lukas Posted March 8, 2004 Share Posted March 8, 2004 can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan Is that "different AV-System" similar to the one described edtnps84]here? I don't think so. It seems to block everything it is unable to scan. I discovered this because emails with an unencrypted archive (split up in 2 volumes) got lost through Spamcop-POP. (Blocked by AV). When forwarded to my Spamcop account the same mails got through without problem. (I'd prefer to have options... and to get everything not positively identified as a virus...) Quote Link to comment Share on other sites More sharing options...
clytie Posted August 14, 2004 Share Posted August 14, 2004 I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one. I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it. I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious... Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this: "Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam." _________________________entire spam received, including headers____________________ From: harvestbug[at]admin.spamcop.net Subject: SpamCop security breach Date: 14 August 2004 9:55:12 AM To: clytie[at]riverland.net.au Return-Path: <harvestbounces[at]admin.spamcop.net> Delivered-To: clytie[at]riverland.net.au Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700 Precedence: list Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net> X-Mailer: http://www.spamcop.net/ v1.370 Hello SpamCop user (or recipient of SpamCop reports), We appologize for this email, but we felt it was important to let you know of a recent security bug in the SpamCop codebase. This problem was fixed within hours of its discovery, but unfortunately your address was among the very small number that was revealed before we were able to resolve the problem. We want you to know that security remains our highest priority. We are always working to ensure that your account information remains secure. Please accept our sincere appologies for this serious oversight. If you have any questions, comments or concerns you may reply to this email to reach a SpamCop representative. Thank you for your understanding, - SpamCop management ______________________________end of pasted message___________________________ Quote Link to comment Share on other sites More sharing options...
Wazoo Posted August 14, 2004 Author Share Posted August 14, 2004 I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail. Quote Link to comment Share on other sites More sharing options...
clytie Posted August 14, 2004 Share Posted August 14, 2004 I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail. Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush> from Clytie Quote Link to comment Share on other sites More sharing options...
Wazoo Posted August 14, 2004 Author Share Posted August 14, 2004 Submission of spam by e-mail results in an e-mail that includes links to a reporting page. Thus your requested statement and definition of "any e-mail from SpamCop" includes normal traffic to/from the SpamCop servers. Quote Link to comment Share on other sites More sharing options...
clytie Posted August 14, 2004 Share Posted August 14, 2004 Ah, thanks. I was having trouble working that one out. It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes. I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop. from Clytie Quote Link to comment Share on other sites More sharing options...
Bill Roberts Posted September 23, 2004 Share Posted September 23, 2004 My ISP detected this one ************************************** EARTHLINK VIRUS BLOCKER MESSAGE STATUS ************************************** MESSAGE QUARANTINED Virus Detected: Malformed container violation Message Details:  From: mailreport <at> spamcop.net  To: wroberts <at> spamcop.net  Subject: Held Mail Report  Date: 23 Sep 2004 09:19:33 -0000 EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus that cannot be removed or disabled. Quarantined messages are automatically deleted three days after they are received. To learn how to access quarantined messages, visit: http://www.earthlink.net/myaccount/help/vi...ker/#quarantine ******************* Powered by Symantec ******************* Is this the same problem? I didn't get my held mail report. Quote Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 23, 2004 Share Posted September 23, 2004 Bill: I would definitely retreive that message and bring this to the attention of the deputies as I'm sure they would like to know why a text only list of messages was tagged as a virus. What virus did it detect? Bringing it to the attention of Earthlink would not be a bad idea either. Quote Link to comment Share on other sites More sharing options...
DavidT Posted September 23, 2004 Share Posted September 23, 2004 (edited) My ISP detected this one Is this the same problem? I didn't get my held mail report. No...it's probably a bug with the "Earthlink Virus Blocker" -- which didn't like the format of your Held Mail report and so it treated it like a virus. Whether or not the "container" was "malformed" is something you might need to address with the SpamCop administration and/or Earthlink (good luck!), but I wonder if you can "whitelist" the Held Mail reports and if that will override their "Virus Blocker" (probably not). DT Edited September 23, 2004 by DavidT Quote Link to comment Share on other sites More sharing options...
lia01reg Posted April 11, 2006 Share Posted April 11, 2006 Now that we have your attention <g> From Ellen - as posted over in the newsgroups We do *not* send mail as staff[at]spamcop.net -- if you get mail from that address in your SpamCop account, it a new variant of a virus mailing. Please just delete it, do not execute it. The mail system is on automatic AV dat updates and will have new updates as soon as the AV company posts them *but* there is always a gap between the release of a new virus and the AV dat file updates so stay vigilant everyone! OTOH I am sure that our users are smart enough not to fall for this -- but I thought I would mention it for those of us who sometimes read our email with most of brain engaged elsewhere :-) Ellen And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ... 3148[/snapback] Hi there, I've just received an email from staff[at]spamcop.net and I now have 'Play Casino Online' on my desktop which refers me to a premium rate number. Does anyone have any recommendable software to remove this. cheers, Raj --------------- My Webpage Quote Link to comment Share on other sites More sharing options...
dra007 Posted April 11, 2006 Share Posted April 11, 2006 Oooops, it probably loaded some malware and/or viruses...I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places.. Quote Link to comment Share on other sites More sharing options...
turetzsr Posted April 12, 2006 Share Posted April 12, 2006 <snip> I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places.. 41952[/snapback] ...And/or try the "Suggested Tools and Applications" SpamCop Forum. ...Good luck! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.