cancel
Showing results for 
Search instead for 
Did you mean: 

'Interfax' spam with Trojans

Community Veteran
Posts: 1,169
Thanks: 7
Registered: 01-08-2007

'Interfax' spam with Trojans

Just lately I've had a few emails allegedly from Interfax but not when I look at the full headers. Initially they were going to my 'catch all' mailbox, having a few 'x's before the @xxxxxx.plus.com bit of the address, but the one I picked up in my mail program this morning was sent to my personal address on which I hardly ever receive spam email of any sort.
Now, this wouldn't be so bothersome except that they all have a .zip attachment which, on scanning and 'disinfecting' with my internet security program is shown to contain a Trojan described as HEUR:Exploit.Script.Generic.
Now, shouldn't Plusnet's Anti Virus Filter be picking these up? I have the AntiVirus Filter on and the Spam Filter set at 2 and I haven't received anything like this to any of my Plusnet addresses previously.
I've now put Interfax into my email blacklist in the hope that it might stop any more coming but whether that will work with a spoofed address I don't know.
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
8 REPLIES
Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: 'Interfax' spam with Trojans

I may be wrong but I am fairly sure that the Plusnet system doesn't check the contents of zip files
Community Veteran
Posts: 1,169
Thanks: 7
Registered: 01-08-2007

Re: 'Interfax' spam with Trojans

Thanks. I don't normally get zip files anyway but they're something I can scan with my internet security program (kindly provided for me by my bank for free!).
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Superuser
Superuser
Posts: 9,459
Thanks: 804
Fixes: 52
Registered: 06-04-2007

Re: 'Interfax' spam with Trojans

When emails are being scanned on the fly there has to be a balance between speed and comprehensiveness. The main concern is safety risk and when zipped up, technically the attachment is safe. The online scanner can allow the message through on that basis.
If a user's antivirus scans emails on receipt that might also allow the infected attachment through. However if the user attempts to unzip the attachment after receipt alarms would trigger and the infected file would be quarantined.
David
Community Veteran
Posts: 1,169
Thanks: 7
Registered: 01-08-2007

Re: 'Interfax' spam with Trojans

When the first one arrived I checked to see if there was a problem with Interfax being spoofed in spam that's sending malicious files and found there has been a problem recently.
I'm wondering how the earlier ones got sent to xxxxx@myusername.plus.com (using varying numbers of 'x's for the first part as shown, rather than any of the exisitng account names), which shouldn't exist in that form anywhere on the internet or anyone's address books!
It's so unusual for me to get spam on any of my Plusnet addresses; I guess I've just been lucky not to get any of this sort before.
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Superuser
Superuser
Posts: 9,459
Thanks: 804
Fixes: 52
Registered: 06-04-2007

Re: 'Interfax' spam with Trojans

The spammers are always making changes to their emails to get them past detection filters. After a while the filters are updated to block this style but sadly the cycle repeats.  Sad
We can contribute to updating by reporting them as spam using the webmail button if a copy remains on the server.
David
Community Veteran
Posts: 1,169
Thanks: 7
Registered: 01-08-2007

Re: 'Interfax' spam with Trojans

Yes,on the rare occasion I get spam via Plusnet I go into webmail and click the spam button. I've probably deleted them completely now though. Should I leave them in the Spam folder in future or does the spam filter get sent a copy when they're reported?
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Superuser
Superuser
Posts: 9,459
Thanks: 804
Fixes: 52
Registered: 06-04-2007

Re: 'Interfax' spam with Trojans

A copy of the reported email is sent to the Cloudmark labs for analysis when the button is clicked. Then webmail moves the original to the spam folder. The user can delete it from there if desired without affecting what Cloudmark do since they have their own copy.
David
Community Veteran
Posts: 1,169
Thanks: 7
Registered: 01-08-2007

Re: 'Interfax' spam with Trojans

Thanks! I'll carry on doing what I do then!
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls