UPS and Tax Refund messages

I am being continually barraged by these two phishing and Malware emails (UPS Delivery and "Tax Refund Application" - as if!). The first comes in a batch of spam including the same one every time from Mariner Software so I suspect this is where my email address was obtained by the spammers. I run Sophos and erase and delete the emails and attachments in my library/mail/etc accounts but they raise their heads again like in Deliverance. Any ideas how to rid me of these troublesome trysts?

:1002461


  • We generally label those as BredoLab malware here in the labs; your best bet is to either use an email filtering product, or set up your own custom filters.

    As SAV should detect almost all of the zip attachments that come with those emails, you could possibly write some AppleScript to *silently* auto-delete any messages containing detected malware (you could go even further and do it only if it detects on, say, BredoZp -- our detection that detects the actual zip file, as opposed to its contents).  Best bet is to set up some filtering at your ISP's level though.  While my personal ISP doesn't catch as many of these as Sophos products do, it still catches enough that the ones that slip through and get deleted at the mail client are much less painful.

    The biggest way to avoid these in the first place is to only give out throwaway email addresses -- webmail accounts, etc. so that 1) you've got some strong mail filtering behind your account, and 2) if it gets too bad, you can always scrap the account and create a new one.  Just give out your official account to actual people you want to communicate with; leave the other accounts for businesses and online signups.

    :1002463
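
One way to build the "custom filter" suggested in the reply above, as an added example that is not part of the original posts and is not Sophos code. It goes beyond the thread by matching on message content (a lure subject plus a zip attachment) rather than on a scanner detection name; the subject patterns, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed patterns for the two lure subjects named in the thread.
LURE_SUBJECT = re.compile(r"\bUPS\b.*\bdeliver|\btax\s+refund\b", re.I)
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a zip archive

def zip_attachments(msg):
    """Names of attachments that look like zip files by name, MIME type or magic."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if (name.lower().endswith(".zip")
                or part.get_content_type() in ZIP_TYPES
                or data.startswith(ZIP_MAGIC)):
            hits.append(name)
    return hits

def classify(raw):
    """Return 'delete', 'review' or 'keep' for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    zips = zip_attachments(msg)
    if not zips:
        return "keep"      # no archive attached, nothing to act on
    if LURE_SUBJECT.search(str(msg.get("Subject", ""))):
        return "delete"    # lure subject plus zip: the pattern in this thread
    return "review"        # zip in some other context: leave it for the scanner

def sample(subject, attachment=None):
    """Build a constructed test message (not real captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("See attached.")
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [("UPS Delivery Problem", ("invoice.zip", ZIP_MAGIC + b"x")),
                      ("Tax Refund Application", ("form.dat", ZIP_MAGIC + b"x")),
                      ("Holiday photos", ("photos.zip", ZIP_MAGIC + b"x")),
                      ("UPS Delivery Problem", None)]:
        print(subj, "->", classify(sample(subj, att)))
```

The magic-byte check catches a zip that has been renamed to hide its extension, and the "review" verdict keeps legitimate archives out of the silent-delete path.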