cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Spam filters not blocking spam email containing trojons

Townman
Superuser
Superuser
Posts: 22,150
Thanks: 9,093
Fixes: 143
Registered: ‎22-08-2007

Spam filters not blocking spam email containing trojons

‎20-02-2014 12:24 PM

Received this today claiming to be from eFax - it is clearly SPAM and carries a virus payload... this threat / profile has been around for quite sometime, I would have hoped that the filters were detecting and dumping such emails by now.  See http://news.softpedia.com/news/Spear-Phishing-Attack-Relies-of-eFax-Messages-286811.shtml from August 2012.
Quote
Return-path: <fraud@aexp.com>
Envelope-to: witton@xxxxxxx.me.uk
Delivery-date: Thu, 20 Feb 2014 09:56:01 +0000
Received: from [212.159.8.109] (helo=avasin07.plus.net)
  by inmx01.plus.net with esmtp (PlusNet MXCore v2.00) id 1WGQMK-0007Ig-Vm
  for witton@xxxxxxxx.me.uk; Thu, 20 Feb 2014 09:56:00 +0000
Received: from 50-195-99-99-static.hfc.comcastbusiness.net ([50.195.99.99])
by avasin07.plus.net with Plusnet Cloudmark Gateway
id UZvy1n00A28fpZe01Zw080; Thu, 20 Feb 2014 09:56:00 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=ZPRZmBLb c=1 sm=1 tr=0
a=5/uzZl0tz4C4NLUh0lWImA==:117 a=5/uzZl0tz4C4NLUh0lWImA==:17 a=tS228Fp5AAAA:8
a=0Bzu9jTXAAAA:8 a=tD9LQ5CGZVIA:10 a=bLan26Z4dusA:10 a=R7qOGidaiNwA:10
a=xnwAm6YiAAAA:8 a=bQeZWJATAAAA:8 a=0-cTjWCDAAAA:8 a=GGcpBh7Jt_oA:10
a=3oD72ZtMbisA:10 a=VcLggJSdRyQVs0OxFcwA:9 a=pILNOxqGKmIA:10
a=Q-fRhH0PU6gA:10 a=RGMkQnRUZHgA:10 a=ef4nlj9suAkA:10 a=FIA4VO2zAAAA:8
a=F8AvrCCBAAAA:8 a=9cqE55EhAAAA:8 a=0cGOZIAeFjO0tSUv:21 a=_W_S_7VecoQA:10
a=tXsnliwV7b4A:10 a=FkM3Vp9O4r0A:10 a=ALLr9p5pBDnc9vFzo2sA:9
a=BqBDZBPm_nQMS4hV5kwA:14 a=IKIoO-ieCDEA:10
Received: from [89.170.79.117] (account fraud@aexp.com HELO jdmuy.zovvvffpmou.tv)
by 50-195-99-99-static.hfc.comcastbusiness.net (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 981619320 for moira@xxxxxx.me.uk; Thu, 20 Feb 2014 04:55:49 -0500
From: "eFax Corporate" <message@inbound.efax.com>
To: <moira@xxxxxxxx.me.uk>
Date: Thu, 20 Feb 2014 04:55:49 -0500
MIME-Version: 1.0
X-Priority: 3
X-Mailer: iqhnbo_40
Message-ID: <0550235382.EPNINU12971919@obxwwgec.raukgmiuv.biz>
Content-Type: multipart/mixed;
  boundary="----=a__mrggq_85_87_05"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Corporate eFax message from "unknown" - 4 page(s)

If DCT need to look into this, xxxxxxx = my PN account name.
witton@ is an email address I have not used for used for years - indeed it pre-dates the webmail hack of a few years back.
moira@ is SWMOB's active email address, - it is a bit scary how the spammer has got these two addresses tied together in a single email ('envelope-to' and 'to' addresses).
Hopefully the SPAM filters can be adjusted to filter these messages.

Cheers,
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Message 1 of 1
(663 Views)
0 Thanks