1000s of junk emails "Microsoft Network Security" .... Anyone got the same problem?

  • Thread starter: Anna

Anna

hi all,

it is a couple of days that I am getting 1000s (I mean each day around more
than 300) junk emails almost identical "Microsoft Network Security" all
attached with an .exe file.

I am using Mailwasher freeware but it looks like it doesn't help. Has anyone
else had the same problem? Where is the problem? My ISP or what? Any
freeware to delete them from my ISP server without displaying them?

Any other solution will be appreciated.

anney
 
hi all,

it is a couple of days that I am getting 1000s (I mean each day around
more than 300) junk emails almost identical "Microsoft Network
Security" all attached with an .exe file.

I am using Mailwasher freeware but it looks like it doesn't help. Has
anyone else had the same problem? Where is the problem? My ISP or
what? Any freeware to delete them from my ISP server without
displaying them?

Any other solution will be appreciated.

I've gotten about 2,000 a day, I think. It appears to be slowing down,
though.

My ISP contracts with Postini, which has been doing a fairly good job of
catching them.

Non-virusy spam that they catch seems to currently be similar messages
with the virus removed. It's crowding out the usual spam.

My email reader is Mozilla Firebird. I'm training it to know that
messages from ISPs saying "Hey, there's a virus in the email you sent to
one of our customers" go directly to the junk folder. (I didn't send
those; the virus has been forging my edress.)
 
it is a couple of days that I am getting 1000s (I mean each day around
more than 300)

Join the club. To stop this, one of two things would do. (1) the spam
blocker product would need an upgrade in the logic and/or filters to pick up
on the false MSFT bulletin (thereby blocking legitimate MSFT bulletins).
(2) Use a server based spam blocker that actually verifies (pretty easily)
the sending address is forged/invalid, or at least not from MSFT.

My mail server is ATT WorldNet and BrightMail caught almost all of them.
but I still got a notification for each one blocked.

No one really knows how BrightMail works. That said, I am not aware of any
large scale server based spam blocker that actually uses the horsepower to
validate sending address, and can those forged ones.
 
Anna wrote in
it is a couple of days that I am getting 1000s (I mean each day around
more than 300) junk emails almost identical "Microsoft Network
Security" all attached with an .exe file.

I am using Mailwasher freeware but it looks like it doesn't help. Has
anyone else had the same problem? Where is the problem? My ISP or
what? Any freeware to delete them from my ISP server without
displaying them?

Any other solution will be appreciated.

Solutions:
1) Log into the webmail (if available) and set up filters to delete
these emails from the server as soon as they arrive
2) This app will clean *ALL* emails from your inbox (use with caution):
http://www.steeds.com/vicky/popflush/
3) Much the same as mailwasher:
http://keir.net/k9.html
4) From an earlier post:
 
Thanks mate,

I probably need something like PopFlush but with some "Criteria", e.g. delete
all messages with MS or Microsoft or Security.

would be really cool. I think he has promised till next release.

regards
 
Anna wrote in
thanks mate,

means it's good to inform my ISP?

Nononononononono!
Your ISP already knows, trust me. Informing them will just add to email
traffic; and when a worm is about is the *last* time your ISP wants more
email.

I'll tell you a little story. It was late one Friday night, and I
downloaded my email and received about 130 spam messages. Since it was
only about ½-hour since my last email pickup, I thought "something has to
be done about this".
It being late on Friday night, my solution was to set up filters to reply
to spammers, with several rotating messages...pointing out the futility
of sending emails that wouldn't be read; informing them that they were
wasting their time because I was *never* going to buy anything from a
spammer; requesting to be removed from their lists; threatening legal
action/physical harm etc. (it was getting VERY late on Friday night by
this time).

About 3 days later, my ISP killed my account because they said that *I*
had been spamming. I had sent out 4000 emails in 3 days (without seeing
any of them). It took a few hours to get my account back and several
weeks to get my domain un-blacklisted.

THE MORAL: Be very careful with autoresponders and email filters.
 
I am using Mailwasher freeware but it looks like it doesn't help.
???
Use the Mailwasher filters
I filter on the To field

If the 'to' field ... does not contain ... <my email address> mark
for deleting
 
Anna said:
Any freeware to delete them from my ISP server without
displaying them?

Of course. You already have it...MailWasher.

--
dadiOH
_____________________________

dadiOH's dandies v3.0...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://www.gbronline.com/xico/
_________________________________
 
it is a couple of days that I am getting 1000s (I mean each day around more
than 300) junk emails almost identical "Microsoft Network Security" all
attached with an .exe file.

Plenty of us are experiencing this flood; it seems to have started on
September 18, at the same time the "Swen" virus appeared.

My breakdown:
40% are about size 157K, and contain the .exe attachment;
40% are about size 144K, and are responses from sites that <think>
they got a similar transmission from me (apparently, the virus fakes
sender addresses);
18% are 40K or less; they are short versions of similar responses
from sites, but do not echo the received attachment;
2% or less are "real" mail.

Picking through 500 messages a day to find the six or seven that are
"real" mail can be tedious. At 56K or less, the time taken to
download all that mail, with attachments, would be a major pain. I
use Pegasus to download the headers (File - Selective Mail Download),
and sort them by size, which allows me to identify and dump most of
the bad stuff. Downloading 500 headers still takes ten minutes or so,
but seems to be a workable approach for me.

I've looked at a few of the 157K messages that contain the virus
attachment. The sender address is faked, of course; and, sadly, the
"path" data seems to be munged, so I can't guess the infected sender
so as to reply with "Hey - you have a problem".

This new one seems to be a serious system problem, so there are likely
persons/agencies chasing it down.

I am using Mailwasher freeware but it looks like it doesn't help.

I blush to admit that I've never got Mailwasher to work for me. For
some reason, repeated attempts have resulted in a response along the
lines that my proxy doesn't work. I wonder; does Mailwasher kill
unwanted traffic at the POP header level? Other filters I have seen
need the whole message to do their job; and that, in turn, starts
using up unacceptable amounts of time at 56K.

--Jim
 
Picking through 500 messages a day to find the six or seven that are
"real" mail can be tedious. At 56K or less, the time taken to
download all that mail, with attachments, would be a major pain. I
use Pegasus to download the headers (File - Selective Mail Download),
and sort them by size, which allows me to identify and dump most of
the bad stuff. Downloading 500 headers still takes ten minutes or so,
but seems to be a workable approach for me.

Jim, I too have been using the Pegasus (File - Selective Mail Download)

I recently took an idea I saw on the PM-Win list, to do server-side
filtering of messages between 140 and 170K.

I also put in a rule to delete on server if Subject or From header contains
"security"

There's a slight chance it'll delete a good message or two.

Sheldon Isaac
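
The server-side rules from the post above (size band plus "security" in Subject or From), written as a dry run at the POP3 header level. This is an added example, not part of the original thread: `verdict`, `triage` and `FakeMailbox` are hypothetical names, the sample mailbox is constructed, and "140 and 170K" is read as KiB.

```python
from email.parser import BytesHeaderParser

SIZE_BAND = (140 * 1024, 170 * 1024)  # "between 140 and 170K", read here as KiB
KEYWORD = "security"                   # matched in Subject or From

def verdict(size, header_bytes):
    """Return why a message would be deleted on the server, or None to keep it."""
    hdrs = BytesHeaderParser().parsebytes(header_bytes)
    if SIZE_BAND[0] <= size <= SIZE_BAND[1]:
        return "size"
    for name in ("Subject", "From"):
        if KEYWORD in str(hdrs.get(name, "")).lower():
            return "keyword"
    return None

def triage(pop):
    """Dry run: LIST gives sizes, TOP n 0 gives headers only; no body is fetched."""
    results = {}
    for entry in pop.list()[1]:
        num, size = (int(x) for x in entry.split())
        header_lines = pop.top(num, 0)[1]
        results[num] = verdict(size, b"\r\n".join(header_lines))
    return results  # the caller decides whether to call pop.dele(num)

class FakeMailbox:
    """Constructed stand-in exposing the list()/top() shape of poplib.POP3."""
    def __init__(self, messages):
        self.messages = messages  # [(size, [header lines as bytes]), ...]
    def list(self):
        rows = [b"%d %d" % (i, m[0]) for i, m in enumerate(self.messages, 1)]
        return (b"+OK", rows, 0)
    def top(self, num, lines):
        return (b"+OK", self.messages[num - 1][1], 0)

# Constructed sample mailbox (addresses and subjects are made up).
SAMPLE = FakeMailbox([
    (157 * 1024, [b'From: "Microsoft Network Security" <a@example.invalid>',
                  b"Subject: sample one"]),
    (30 * 1024,  [b"From: postmaster@example.invalid",
                  b"Subject: Virus found in message you sent: security alert"]),
    (150 * 1024, [b"From: friend@example.invalid", b"Subject: holiday photos"]),
    (4 * 1024,   [b"From: boss@example.invalid", b"Subject: Building security badges"]),
    (3 * 1024,   [b"From: friend@example.invalid", b"Subject: lunch Friday?"]),
])

if __name__ == "__main__":
    for num, reason in triage(SAMPLE).items():
        print(num, reason or "keep")
```

Messages 3 and 4 in the sample are legitimate mail caught by the size and keyword rules, which is why the function returns reasons for review instead of deleting.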
 
it is a couple of days that I am getting 1000s (I mean each day around more
than 300) junk emails almost identical "Microsoft Network Security" all
attached with an .exe file.

I am using Mailwasher freeware but it looks like it doesn't help. Has anyone
else had the same problem? Where is the problem? My ISP or what? Any
freeware to delete them from my ISP server without displaying them?

This is the latest culprit, called the "swen" or "gibe-f" worm:
http://www.sophos.com/virusinfo/analyses/w32gibef.html
It's spread by people who carelessly open infected e-mail. It uses
*dozens* of different "from" and "subject" lines to get past filters.

At the moment, I'm using several fancy MailWasher From: and Subject:
filters to catch the most common ones I've seen, then:

If the Body contains the RegExpr
"^content-type:.*(exe|com|pif|bat|scr|zip|cmd)"*$" then mark the message
as mail to be deleted.

WARNING: This marks messages containing ANY mime-attached filename
ending in exe, zip etc., whether or not the filename is in quotes. If
you regularly receive such files from friends, DON'T USE IT. If you do
try it, cut-and-paste it, because it's hard to type. Strip off the
outermost set of double-quotes. Use this filter last, because it makes
MailWasher download the entire message instead of just checking the
headers... and that's what you're trying to avoid!
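
What the body rule above does and does not mark, run over constructed MIME part headers. This is an added example, not part of the original post: it uses Python's `re` in place of MailWasher's matcher, assumes per-line and case-insensitive matching, and the filenames are made up.

```python
import re

# The thread's pattern with the outermost double quotes stripped, as the post says.
# Assumption: the filter is applied per line and case-insensitively.
RULE = re.compile(r'^content-type:.*(exe|com|pif|bat|scr|zip|cmd)"*$',
                  re.IGNORECASE | re.MULTILINE)

def marked(body):
    """True if the rule would mark this message body for deletion."""
    # Normalise CRLF so that $ can match at the end of each line.
    return RULE.search(body.replace("\r\n", "\n")) is not None

# Constructed MIME part headers; filenames are made up.
CASES = {
    "quoted exe":   'Content-Type: application/octet-stream; name="update.exe"\r\n',
    "unquoted exe": "Content-Type: application/octet-stream; name=update.exe\r\n",
    "friend's zip": 'Content-Type: application/zip; name="photos.zip"\r\n',
    "plain text":   'Content-Type: text/plain; charset="us-ascii"\r\n',
    "pdf":          'Content-Type: application/pdf; name="invoice.pdf"\r\n',
    "folded name":  'Content-Type: application/octet-stream;\r\n\tname="update.exe"\r\n',
    "disposition only": ("Content-Type: application/octet-stream\r\n"
                         'Content-Disposition: attachment; filename="update.exe"\r\n'),
}

def evaluate(cases=CASES):
    """Map each constructed case to whether the rule marks it."""
    return {label: marked(text) for label, text in cases.items()}

if __name__ == "__main__":
    for label, hit in evaluate().items():
        print(f"{label:18} {'delete' if hit else 'keep'}")
```

The zip from a friend is marked, which is the false positive the warning describes. The last two cases are not marked because the rule only sees a filename that ends the Content-Type line itself, so the From: and Subject: filters still matter.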
 
Garrapata said:
???
Use the Mailwasher filters
I filter on the To field

If the 'to' field ... does not contain ... <my email address> mark
for deleting

set mail check time for >10 minutes at first logon
otherwise MW will try and check new mail before it finishes its
first big morning dump

I figure something like this has wasted more time than
the 'author' could possibly pay back in several lifetimes, even
if they could be found for a multi$billion damages claim.

As funny as taking bolts out of bridges.
 