cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

'Interfax' spam with Trojans

Mad_Moggies
Rising Star
Posts: 1,282
Thanks: 43
Registered: ‎01-08-2007

'Interfax' spam with Trojans

‎25-12-2015 9:44 AM

Just lately I've had a few emails allegedly from Interfax but not when I look at the full headers. Initially they were going to my 'catch all' mailbox, having a few 'x's before the @xxxxxx.plus.com bit of the address, but the one I picked up in my mail program this morning was sent to my personal address on which I hardly ever receive spam email of any sort.
Now, this wouldn't be so bothersome except that they all have a .zip attachment which, on scanning and 'disinfecting' with my internet security program is shown to contain a Trojan described as HEUR:Exploit.Script.Generic.
Now, shouldn't Plusnet's Anti Virus Filter be picking these up? I have the AntiVirus Filter on and the Spam Filter set at 2 and I haven't received anything like this to any of my Plusnet addresses previously.
I've now put Interfax into my email blacklist in the hope that it might stop any more coming but whether that will work with a spoofed address I don't know.
Plusnet user since November 2003
Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Mac OS12 and Firefox user with latest versions of both
Message 1 of 9
(1,642 Views)
0 Thanks
8 REPLIES 8
Oldjim
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 63
Registered: ‎15-06-2007

Re: 'Interfax' spam with Trojans

‎25-12-2015 10:13 AM

I may be wrong but I am fairly sure that the Plusnet system doesn't check the contents of zip files
Message 2 of 9
(639 Views)
0 Thanks
Mad_Moggies
Rising Star
Posts: 1,282
Thanks: 43
Registered: ‎01-08-2007

Re: 'Interfax' spam with Trojans

‎25-12-2015 10:18 AM

Thanks. I don't normally get zip files anyway but they're something I can scan with my internet security program (kindly provided for me by my bank for free!).
Plusnet user since November 2003
Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Mac OS12 and Firefox user with latest versions of both
Message 3 of 9
(639 Views)
0 Thanks
spraxyt
Aspiring Legend
Posts: 10,063
Thanks: 673
Fixes: 75
Registered: ‎06-04-2007

Re: 'Interfax' spam with Trojans

‎25-12-2015 12:14 PM

When emails are being scanned on the fly there has to be a balance between speed and comprehensiveness. The main concern is safety risk and when zipped up, technically the attachment is safe. The online scanner can allow the message through on that basis.
If a user's antivirus scans emails on receipt that might also allow the infected attachment through. However if the user attempts to unzip the attachment after receipt alarms would trigger and the infected file would be quarantined.
David
Message 4 of 9
(639 Views)
0 Thanks
Mad_Moggies
Rising Star
Posts: 1,282
Thanks: 43
Registered: ‎01-08-2007

Re: 'Interfax' spam with Trojans

‎25-12-2015 10:11 PM

When the first one arrived I checked to see if there was a problem with Interfax being spoofed in spam that's sending malicious files and found there has been a problem recently.
I'm wondering how the earlier ones got sent to xxxxx@myusername.plus.com (using varying numbers of 'x's for the first part as shown, rather than any of the exisitng account names), which shouldn't exist in that form anywhere on the internet or anyone's address books!
It's so unusual for me to get spam on any of my Plusnet addresses; I guess I've just been lucky not to get any of this sort before.
Plusnet user since November 2003
Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Mac OS12 and Firefox user with latest versions of both
Message 5 of 9
(639 Views)
0 Thanks
spraxyt
Aspiring Legend
Posts: 10,063
Thanks: 673
Fixes: 75
Registered: ‎06-04-2007

Re: 'Interfax' spam with Trojans

‎25-12-2015 10:59 PM

The spammers are always making changes to their emails to get them past detection filters. After a while the filters are updated to block this style but sadly the cycle repeats.  Sad
We can contribute to updating by reporting them as spam using the webmail button if a copy remains on the server.
David
Message 6 of 9
(639 Views)
0 Thanks
Mad_Moggies
Rising Star
Posts: 1,282
Thanks: 43
Registered: ‎01-08-2007

Re: 'Interfax' spam with Trojans

‎26-12-2015 8:56 AM

Yes,on the rare occasion I get spam via Plusnet I go into webmail and click the spam button. I've probably deleted them completely now though. Should I leave them in the Spam folder in future or does the spam filter get sent a copy when they're reported?
Plusnet user since November 2003
Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Mac OS12 and Firefox user with latest versions of both
Message 7 of 9
(639 Views)
0 Thanks
spraxyt
Aspiring Legend
Posts: 10,063
Thanks: 673
Fixes: 75
Registered: ‎06-04-2007

Re: 'Interfax' spam with Trojans

‎26-12-2015 10:42 AM

A copy of the reported email is sent to the Cloudmark labs for analysis when the button is clicked. Then webmail moves the original to the spam folder. The user can delete it from there if desired without affecting what Cloudmark do since they have their own copy.
David
Message 8 of 9
(639 Views)
0 Thanks
Mad_Moggies
Rising Star
Posts: 1,282
Thanks: 43
Registered: ‎01-08-2007

Re: 'Interfax' spam with Trojans

‎26-12-2015 11:33 AM

Thanks! I'll carry on doing what I do then!
Plusnet user since November 2003
Unlimited Fibre Extra and Unlimited UK & Mobile Calls
Mac OS12 and Firefox user with latest versions of both
Message 9 of 9
(639 Views)
0 Thanks