cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Warning: New SPAM threat - Your Latest Documents from RS Components

Townman
Superuser
Superuser
Posts: 22,338
Thanks: 9,208
Fixes: 146
Registered: ‎22-08-2007

Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 3:25 PM

Received the above email today @ 13:41
A little disappointed that the spam / AV filters filters did not detect and mark / flag / drop this virus loaded email...
See - http://sanesecurity.blogspot.co.uk/2015/03/your-latest-documents-from-rs-components.html

Return-path: <Bethany.d9@h94-12-137.cornut.fr>
Envelope-to: kevin@mydomain.me.uk
Delivery-date: Tue, 31 Mar 2015 13:40:44 +0100
Received: from [212.159.9.108] (helo=avasin16.plus.net)
	  by inmx02.plus.net with esmtp (PlusNet MXCore v2.00) id 1YcvTI-0001dB-Ct 
	  for kevin@mydomain.me.uk; Tue, 31 Mar 2015 13:40:44 +0100
Received: from h94-12-137.cornut.fr ([94.127.12.137])
	by avasin16.plus.net with Plusnet Cloudmark Gateway
	id ACgg1q00Z2xQtnA01Cgjl7; Tue, 31 Mar 2015 13:40:44 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=bPKYIZOZ c=1 sm=1 tr=0
 a=NhQCZthBbaTFKWukfNrmSg==:117 a=NhQCZthBbaTFKWukfNrmSg==:17 a=0Bzu9jTXAAAA:8
 a=7uKcwXwSavkA:10 a=iOjNAnK1AAAA:8 a=r77TgQKjGQsHNAKrUKIA:9 a=9iDbn-4jx3cA:10
 a=cKsnjEOsciEA:10 a=gZbpxnkM3yUA:10 a=_tVgneDzAAAA:8 a=jFmJkzCuAAAA:8
 a=XfRHHcAGAAAA:8 a=zwPxn2DFAAAA:8 a=nNAiHkcKAAAA:8 a=C4ap_-gFvuNgxOLsa8kA:9
 a=T7WGOHuFxzaqwkbJ:21 a=XS6_rZEKEvzJ4XUq:21 a=eXxoa78awwOIa-2W:21
 a=QEXdDO2ut3YA:10 a=0rFf1bzUEKIA:10 a=wSbQ_-_mLXwA:10 a=YnUBg1f03_wA:10
 a=UJPb-PXoAM6YQ1_fK8kA:9 a=diV1Cm6KfS4A:10
Message-ID: <954D39F0.3279635@mydomain.me.uk>
Date: Tue, 31 Mar 2015 14:40:33 +0200
From: Wendy Hanson <Bethany.d9@h94-12-137.cornut.fr>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: kevin@mydomain.me.uk
Content-Type: multipart/mixed;
 boundary="------------475949562821689934092096"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: 39437-Your Latest Documents from RS Components 298498999

Somewhat miffed that this email addy is in the hands of spammers, but that's down to the 2007 foible!
What is the Cloudmark new threat catch-up / turn round window - hours, days or weeks?
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Message 1 of 6
(1,443 Views)
0 Thanks
5 REPLIES 5
Oldjim
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 63
Registered: ‎15-06-2007

Re: Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 3:55 PM

see also here http://community.plus.net/forum/index.php/topic,138151.0.html
Message 2 of 6
(618 Views)
0 Thanks
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,814
Thanks: 4,843
Fixes: 314
Registered: ‎04-04-2007

Re: Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 4:33 PM

Received the same message to an externally-hosted email address. It was marked as spam, but only just. Without some of the custom weighting I've applied to Spamassassin tests, it would have got through unscathed.
Looks to originate from a botnet so trapping at the source is tricky.
I expect Cloudmark will develop a signature for it eventually, not sure when though as it's not an exact science.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 3 of 6
(618 Views)
0 Thanks
spraxyt
Aspiring Legend
Posts: 10,063
Thanks: 673
Fixes: 75
Registered: ‎06-04-2007

Re: Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 4:36 PM

Quote from: Townman
What is the Cloudmark new threat catch-up / turn round window - hours, days or weeks?

I believe it can be hours if they get enough reliable reports. Most of these to me have been trapped already. I've reported one that wasn't (using the 'spam' button in webmail).
David
Message 4 of 6
(618 Views)
0 Thanks
picbits
Rising Star
Posts: 3,432
Thanks: 23
Registered: ‎18-01-2013

Re: Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 5:47 PM

Had 30-40 of these today - sent to an email address not used by PN so you can rule that out.
In fact they were sent to an email address with my full name showing as well so I suspect something to do with either Yahoo Groups or one of the many Chinese companies I've used that email address with.
Message 5 of 6
(618 Views)
0 Thanks
Routefinder
Grafter
Posts: 453
Thanks: 1
Registered: ‎01-08-2007

Re: Warning: New SPAM threat - Your Latest Documents from RS Components

‎31-03-2015 10:23 PM

I did get 3 quarantine alerts to 3 separate mailboxes ~ not a thing I recall seeing before from @quarantine.plus.com
I would like to hope that had they gotten through my AV setup would have detected them Smiley
Message 6 of 6
(618 Views)
0 Thanks