Partial solution to massive e-mail virus flood?

  • Thread starter: Adam A. Wanderer

Adam A. Wanderer

I've been using the "Message", "Block Sender" function of Outlook Express on
the massive flood of virus e-mails for a day or so now. After several
hundred different return names have been added, the flood seems to be
slowing down. I just hope the virus doesn't start changing its return
addresses! Until this mess is resolved, or the SOBs doing this are caught,
it's as good a solution as I've found so far. Let me know if y'all find
anything better. I keep my Norton AV up to date, and it does seem to be
stopping the virus attachments so far.
 
Adam A. Wanderer said:
I've been using the "Message", "Block Sender" function of Outlook Express on
the massive flood of virus e-mails for a day or so now. After several
hundred different return names have been added, the flood seems to be
slowing down. I just hope the virus doesn't start changing its return
addresses! Until this mess is resolved, or the SOBs doing this are caught,
it's as good a solution as I've found so far. Let me know if y'all find
anything better. I keep my Norton AV up to date, and it does seem to be
stopping the virus attachments so far.

Hi Adam, a year ago I started using Spampal.
A free spam removal tool. It worked well on 95% of spam.
See http://www.spampal.org.uk/main.shtml
It didn't stop any of the swen virus we are having at the moment.
Someone on here said to try a free plugin for spampal called the
bayesian filter. Only one day gone so far but it has removed 100%
of the virus so far & no genuine mail has been cut.
Hope this helps,
 
I've been using the "Message", "Block Sender" function of Outlook Express on
the massive flood of virus e-mails for a day or so now. After several
hundred different return names have been added, the flood seems to be
slowing down.
-snip-

I didn't spend long on it-- but these filters are catching 80 percent
of my 100/hr flood. [Forte's Agent] I send them to a folder for
eyeballing before deleting. [I seem to be more paranoid than most
about losing legit email.]

Subject: (Internet Security Update | MS | Microsoft | security update
| critical pack | abort | network pack | security pack | security
patch | error | user unknown | critical update | security upgrade |
security update | network patch | critical patch | latest critical |
critical upgrade)

Any-Sender: (mail storage | ms | MS Security | MS Corporation |
Internet Email | Message system | message storage | ms email |
Microsoft internet | inet | microsoft | network mail | network message
| Network storage | network system | network email | internet email |
postbot@*)

I'm sure there's some redundancy there & I'm still not getting all of
them-- but it is a start for anyone who wants to go that route & I
haven't gotten any false hits in 2 days.

[I also have had
subject: ={ *}
for some time which has taken a sharp increase this week. This is all
the blank subject line emails. I also sent them to a folder to view
before scanning because I've gotten legit emails from people who
forget to fill in the subject.]

Jim
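
Added example, not part of the original post and not Agent's own filter engine: the Subject and Any-Sender lists above applied in Python to constructed messages, with hits routed to a review folder as Jim does. It assumes case-insensitive whole-word matching and checks only the From header; `compile_terms`, `classify` and the sample messages are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Terms copied from the Subject and Any-Sender filters in the post above.
SUBJECT_TERMS = """Internet Security Update | MS | Microsoft | security update
| critical pack | abort | network pack | security pack | security patch | error
| user unknown | critical update | security upgrade | network patch
| critical patch | latest critical | critical upgrade"""
SENDER_TERMS = """mail storage | ms | MS Security | MS Corporation
| Internet Email | Message system | message storage | ms email
| Microsoft internet | inet | microsoft | network mail | network message
| Network storage | network system | network email | internet email"""

def compile_terms(spec):
    """Turn an 'a | b | c' list into one case-insensitive whole-word regex,
    longest phrase first so the reported hit is the most specific one."""
    terms = {" ".join(t.split()).lower() for t in spec.split("|") if t.strip()}
    ordered = sorted(terms, key=lambda t: (-len(t), t))
    body = "|".join(r"\s+".join(map(re.escape, t.split())) for t in ordered)
    return re.compile(r"\b(?:" + body + r")\b", re.IGNORECASE)

SUBJECT_RE = compile_terms(SUBJECT_TERMS)
SENDER_RE = compile_terms(SENDER_TERMS)

def classify(raw):
    """Return (folder, reason). Hits go to 'review' for a human look, not deletion."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    name, addr = parseaddr(msg.get("From", ""))
    if not subject:
        return "review", "blank subject"
    hit = SUBJECT_RE.search(subject)
    if hit:
        return "review", "subject: " + hit.group(0).lower()
    if addr.lower().startswith("postbot@"):
        return "review", "sender: postbot@*"
    hit = SENDER_RE.search(name)  # assumption: only the From display name is checked
    if hit:
        return "review", "sender: " + hit.group(0).lower()
    return "inbox", ""

SAMPLES = [  # constructed messages, not captured worm traffic
    "From: MS Security Center <postbot@example.net>\nSubject: Latest Critical Patch\n\n.",
    "From: Network Mail Storage <admin@example.org>\nSubject: Returned mail\n\n.",
    "From: June <june@example.com>\nSubject: cpap items still available\n\n.",
    "From: Pat <pat@example.com>\n\nforgot the subject",
]
if __name__ == "__main__":
    print([classify(raw) for raw in SAMPLES])
```

Whole-word matching keeps "items" from hitting `ms`, but a display name such as "Ms. Smith" still does, which is the case for reviewing flagged mail rather than deleting it.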
 
Well, I too have been getting all these spam e-mail patches and whatever
caused by the worm.automat.ahb virus. I read a posting earlier about
forwarding e-mail to a hotmail account. Since I already have my hotmail
account come into outlook express this was pretty easy to do. Now whatever
messages that do manage to get through go to my bulk mail folder( I have
the filters set on the highest settings) and my regular mail goes to the
inbox in my hotmail. I can still send from my regular ISP. I'll leave it
this way until this problem gets cleaned up. BTW I do a lot of business
on eBay and I figure that's how I got in someone else's addressbook since
the default setting in outlook express is to add anyone to whom you reply
to your addressbook. I added another e-mail account and will use that only
for eBay from now on in case something like this happens again.
 
June said:
Well, I too have been getting all these spam e-mail patches and whatever
caused by the worm.automat.ahb virus. I read a posting earlier about
forwarding e-mail to a hotmail account. Since I already have my hotmail
account come into outlook express this was pretty easy to do. Now whatever
messages that do manage to get through go to my bulk mail folder( I have
the filters set on the highest settings) and my regular mail goes to the
inbox in my hotmail. I can still send from my regular ISP. I'll leave it
this way until this problem gets cleaned up. BTW I do a lot of business
on eBay and I figure that's how I got in someone else's addressbook since
the default setting in outlook express is to add anyone to whom you reply
to your addressbook. I added another e-mail account and will use that only
for eBay from now on in case something like this happens again.

Since you didn't mention how to un-mung your address, can I
assume that your address as stated is correct? If so, you might
like to know that it has been reported that this worm can get
your address from newsgroup postings such as this.

Just another thing to consider.
 
Perhaps....I posted one e-mail to a sleep disorder newsgroup...to give away
cpap items left over from when my grandson had a cpap....just goes to prove
no good deed goes unpunished....No takers anyway.....But hotmail is great
alternative for me. My daughter had the same problem with this virus a
couple of weeks ago; she doesn't post to newsgroups but had been selling on
eBay.


:
: > Well, I too have been getting all these spam e-mail patches and whatever
: > caused by the worm.automat.ahb virus. I read a posting earlier about
: > forwarding e-mail to a hotmail account. Since I already have my hotmail
: > account come into outlook express this was pretty easy to do. Now whatever
: > messages that do manage to get through go to my bulk mail folder( I have
: > the filters set on the highest settings) and my regular mail goes to the
: > inbox in my hotmail. I can still send from my regular ISP. I'll leave it
: > this way until this problem gets cleaned up. BTW I do a lot of business
: > on eBay and I figure that's how I got in someone else's addressbook since
: > the default setting in outlook express is to add anyone to whom you reply
: > to your addressbook. I added another e-mail account and will use that only
: > for eBay from now on in case something like this happens again.
:
: Since you didn't mention how to un-mung your address, can I
: assume that your address as stated is correct? If so, you might
: like to know that it has been reported that this worm can get
: your address from newsgroup postings such as this.
:
: Just another thing to consider.
:
:
 
Jim:

Thanks!!!

I've added those words and a few more not to my OE but to my ISP's
Spamshield. That has eliminated about 98% of the hundreds of crap emails
I've been getting. It was filling up my inbox on my ISP's server. This way,
it doesn't!
Unfortunately, it might delete a legitimate email somewhere along the line,
but that's the best I can do (if I send it to a bulk mail folder, that gets
filled up and I have to keep deleting that -- too much as far as I'm
concerned).

Mel
Jim Elbrecht said:
I've been using the "Message", "Block Sender" function of Outlook Express on
the massive flood of virus e-mails for a day or so now. After several
hundred different return names have been added, the flood seems to be
slowing down.
-snip-

I didn't spend long on it-- but these filters are catching 80 percent
of my 100/hr flood. [Forte's Agent] I send them to a folder for
eyeballing before deleting. [I seem to be more paranoid than most
about losing legit email.]

Subject: (Internet Security Update | MS | Microsoft | security update
| critical pack | abort | network pack | security pack | security
patch | error | user unknown | critical update | security upgrade |
security update | network patch | critical patch | latest critical |
critical upgrade)

Any-Sender: (mail storage | ms | MS Security | MS Corporation |
Internet Email | Message system | message storage | ms email |
Microsoft internet | inet | microsoft | network mail | network message
| Network storage | network system | network email | internet email |
postbot@*)

I'm sure there's some redundancy there & I'm still not getting all of
them-- but it is a start for anyone who wants to go that route & I
haven't gotten any false hits in 2 days.

[I also have had
subject: ={ *}
for some time which has taken a sharp increase this week. This is all
the blank subject line emails. I also sent them to a folder to view
before scanning because I've gotten legit emails from people who
forget to fill in the subject.]

Jim
 
I've been using the "Message", "Block Sender" function of Outlook Express on
the massive flood of virus e-mails for a day or so now. After several
hundred different return names have been added, the flood seems to be
slowing down. I just hope the virus doesn't start changing its return
addresses! Until this mess is resolved, or the SOBs doing this are caught,
it's as good a solution as I've found so far. Let me know if y'all find
anything better. I keep my Norton AV up to date, and it does seem to be
stopping the virus attachments so far.

I've been getting SLAMMED with the Swen virus over e-mail...

Since yesterday, about 24 hours ago, I have killed over 1,500 copies
of it. But I got REALLY TIRED of having to download them just so I
could kill them.

Until this slows down considerably, I've written a VB.NET app to
handle things a little for me..

My simple app just sits there and every 5 minutes connects to my mail
server and does a LIST to get a list of the message numbers and how
big they are. Anything over 24k in size is automatically deleted from
my mailbox, so I don't have to download the crap into my Outlook
Express client.

So now, I just wait for my little "pop3 cleaner" to do a round, then I
have 5 minutes to pull up my Outlook Express and get the "other"
messages waiting for me...

Below is some output from my console VB.NET app I wrote. As you can
see, it's killed over 1,500 of them. Most are around 150k in size.
That's 1500 * 150k = ~219MB of Swen virus crap I didn't have to
download in the last day. If anyone wants a copy, I can send you the
program + source code.. Not much to it, really..


// CHRIS


SAMPLE OUTPUT (Runs from command prompt):

Looking Up Host Name 'mail.charter.net'
Connecting to '209.225.8.223'
+OK POP Server ready <[email protected]>
+OK please send the PASS
+OK 1 messages (159929 bytes) (proxing)
+OK 1 messages
Message: 1 (159929 Bytes)
+OK marked deleted
+OK CommuniGate Pro POP3 Server connection closed
OK: 1 Messages Cleaned From Mailbox


Killed 1 (Total: 1508)

Looking Up Host Name 'mail.charter.net'
Connecting to '209.225.8.223'
+OK POP Server ready <[email protected]>
+OK please send the PASS
+OK 1 messages (147157 bytes) (proxing)
+OK 1 messages
Message: 1 (147157 Bytes)
+OK marked deleted
+OK CommuniGate Pro POP3 Server connection closed
OK: 1 Messages Cleaned From Mailbox


Killed 1 (Total: 1509)

Looking Up Host Name 'mail.charter.net'
Connecting to '209.225.8.223'
+OK POP Server ready <[email protected]>
+OK please send the PASS
+OK 10 messages (1212599 bytes) (proxing)
+OK 10 messages
Message: 1 (147538 Bytes)
Message: 2 (3169 Bytes)
Message: 3 (160195 Bytes)
Message: 4 (147101 Bytes)
Message: 5 (160269 Bytes)
Message: 6 (147092 Bytes)
Message: 7 (5294 Bytes)
Message: 8 (147265 Bytes)
Message: 9 (147481 Bytes)
Message: 10 (147195 Bytes)
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK marked deleted
+OK CommuniGate Pro POP3 Server connection closed
OK: 8 Messages Cleaned From Mailbox


Killed 8 (Total: 1517)

Looking Up Host Name 'mail.charter.net'
Connecting to '209.225.8.223'
+OK POP Server ready <[email protected]>
+OK please send the PASS
+OK 4 messages (315858 bytes) (proxing)
+OK 4 messages
Message: 1 (3169 Bytes)
Message: 2 (5294 Bytes)
Message: 3 (160191 Bytes)
Message: 4 (147204 Bytes)
+OK marked deleted
+OK marked deleted
+OK CommuniGate Pro POP3 Server connection closed
OK: 2 Messages Cleaned From Mailbox


Killed 2 (Total: 1519)

Waiting 04:54 Seconds ...
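
Added example, not Chris's VB.NET program: the LIST-then-DELE pass his post describes, written in Python with the standard poplib module and replayed offline against the ten message sizes from the sample output. `ReplayPOP3`, `parse_list`, `clean_mailbox` and `run_once` are hypothetical names, and the TLS connection in `run_once` is an assumption about the server.

```python
import poplib

SIZE_LIMIT = 24 * 1024  # the post's "24k" cut-off, taken here as bytes

# Sizes from the 10-message LIST in the sample output above.
PAGE_SIZES = [147538, 3169, 160195, 147101, 160269,
              147092, 5294, 147265, 147481, 147195]

class ReplayPOP3:
    """Offline stand-in (hypothetical) exposing the poplib calls used below."""
    def __init__(self, sizes):
        self.sizes, self.marked = list(sizes), []
    def list(self):
        lines = [b"%d %d" % (n, s) for n, s in enumerate(self.sizes, 1)]
        return b"+OK", lines, sum(map(len, lines))
    def dele(self, num):
        self.marked.append(num)
        return b"+OK marked deleted"
    def quit(self):
        return b"+OK"

def parse_list(lines):
    """Yield (msgnum, octets) from LIST scan lines, skipping malformed ones."""
    for line in lines:
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit() and fields[1].isdigit():
            yield int(fields[0]), int(fields[1])

def clean_mailbox(conn, limit=SIZE_LIMIT, dry_run=False):
    """DELE every message larger than limit; return the numbers selected."""
    _resp, lines, _octets = conn.list()
    selected = [num for num, size in parse_list(lines) if size > limit]
    if not dry_run:
        for num in selected:
            conn.dele(num)
    return selected

def run_once(host, user, password):
    """One pass against a real server; the arguments are the caller's own."""
    conn = poplib.POP3_SSL(host)  # assumption: the server offers POP3 over TLS
    try:
        conn.user(user)
        conn.pass_(password)
        return clean_mailbox(conn)
    finally:
        conn.quit()  # deletions are only committed when QUIT succeeds

if __name__ == "__main__":
    print(clean_mailbox(ReplayPOP3(PAGE_SIZES)))
```

A size cut-off alone also removes any legitimate message with a large attachment; `dry_run=True` lists what would be deleted without marking anything.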
 
MB said:
I've added those words and a few more not to my OE but to my ISP's
Spamshield. That has eliminated about 98% of the hundreds of crap emails
I've been getting. It was filling up my inbox on my ISP's server. This way,
it doesn't!

I added the 'To' filters that GSV posted in message ID
<[email protected]> --
To "Client" drop
To "Partner" drop
To "User" drop
To "Customer" drop
To "Receiver" drop
To "Commercial" drop
To "Consumer" drop

They cut the remainder of what was reaching my inbox by about 1/2.

Thanks GSV!

Jim
 
Jim:

Spamshield doesn't seem to have a filter for the TO field.

It looks like I am blocking (dare I say it) 100% of the crap (nothing came
thru for the last 4 days).

Mel
 
For anyone else who might be interested, here are my lists:


Keyword(s) in "Subject" Field
MS
Microsoft
abort
security
patch
error
update
user unknown
network
critical
latest
Admin
Administrator
Bug
Delivery
Email
Inet
Returned
Undeliverable
failure


Keyword(s) in "From" Field
ms
MS Security
MS Corporation
Internet Email
Message system
message storage
ms email
Microsoft internet
inet
network mail
network message
Network storage
network system
network email
technical
internet mail
admin
administrator
 