suspect email

Discussion in 'WormGuard' started by tutankamon, Mar 14, 2004.

Thread Status:
Not open for further replies.
  1. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    I have noticed an increase of the number of "spam" e mails coming into my INBOX, being suspicious I scanned them with Norton, TDS3, a2, and wormguard. wormguard would not let me open these e mails so I have zipped them, and will submit them to DiamondCS.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Tut, any specific warnings?
    And your email scanner?
    If you can look in the properties either via the email client (without opening the email) or via WG, do you get any impression?
    Do send them in, we might get new updates from it in our databases.
    These days i also see many institutions which formarly sent HTML emails now send TXT emails with an HTML attachment. Of course i am not happy with that as attachments can be even more dangerous.
    If you use outlook express, make suer if you have preview up to be in another innocent folder, click "search" (find?) for instance todays inbox;
    now in your search list rightclick one of the emails, look for properties. Look in all the source code, what is it about, anything you want to read? what is the attachment, some double file extension?

    Wished it were possible to have one zip file on our system and when we find something suspicious when we want to save an attachment it would be possible immediately to add it into that one zip so we can scan it while there is no immediate danger for the file to be touched and to run.
    (kind of quarantine place, but scannable).

    Anyway, now you have the emails zipped do send them in and you might like as well to try for yourself the online scanner at www.kaspersky.com/remoteviruschk.html to have a reply in a few seconds online.
     
  3. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    Hi Jooske,
    I sent them in, but in the meantime I used your link to check them online, they were reported OK.
    A very good link! I was saying that I have noticed an increase in junk coming onto my inbox, some of it repeated twice. As I mentioned in the past, I use Yahoo mail as my main one but I also have Outlook Express which I use to SEND.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The nice part with yahoo is their online mail scanner.
    The other day i caught there a moodown while the KAV site said it was netsky (or the opposite) so Gavin was so kind to explain it is the same but since version b or after it is named netsky.
    This is not my own mailbox but somebody else's who doesn't dare to open nothing anymore if i haven't tried my forces on it first. Anyway, got several nice samples there to make Gavin happy again.
    Glad your samples seem to be clean.
     
Thread Status:
Not open for further replies.