How do I stop receiving this type of spam?

BlackShot

Level 1
Thread author
Verified
Jul 12, 2014
34
Hello,

Some guy/server started sending to my email A LOT of spam messages from the same thing, that I'll show below. I simply can not create a filter for this, because every email is from a new account, from a new title and from a new content, but they all follow the same model. Oh, and the links are always different.

In one day I received more than 10 messages of this type:

ZLTPhBw.png

(The censured part is my name, but I can't block these type of emails!)

The content:

h051nci.png


Do you guys have something efficient against it?

Thank you!
 
Last edited:

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Would be simple to block with a regular expression but I don't think online mail providers allow these. Otherwise you might want to target emails which use strings such as these and simply move them to the junk folder.

Code:
--..
..--
..-_
..__
____
etc.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
From what I understand, this is done by an automatic Bot program. Once the e-mail is opened it accesses your address book, and sends e-mail out to everyone you know.
  1. The corrective course is to immediately change your password.
  2. Warn friends & family about this, and have them spam it.
Since using the free containment app, Sandboxie www.sandboxie.com I haven't had this happen again!:):)

Update: My good friend, Cowpipe, knows a great deal.;)
Don't ever make him mad.:p:D *Kidding* ..:eek:but don't!
 
Last edited:

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
From what I understand, this is done by an automatic Bot program. Once the e-mail is opened it accesses your address book, and sends e-mail out to everyone you know.
  1. The corrective course is to immediately change your password.
  2. Warn friends & family about this, and have them spam it.
Since using the free containment app, Sandboxie www.sandboxie.com I haven't had this happen again!:):)

You're confusing SPAM messages with email worms there Cats- ;)

A spam message will contain stuffed keyword text and often weird combinations of normal sounding sentences to get past spam filters, the punctuation is also a means to defeat keyword filters (although the more intelligent will have picked up on the high level of punctuation)

The emails themselves will normally either ask you to reply (so it is known the account is active and it becomes worth more to spammers), or you will be enticed to click a link, either for advertising, phishing or malware distribution ;)
 
  • Like
Reactions: BlackShot

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Would one of you mind posting the email headers for me to have a look at? Blank out your address of course ;)
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Interesting. I didn't envision Sandboxie having anything to do with email.
Neither had I.
Maybe I've adopted safer habits being exposed to all of your positive influences which, in turn, makes me automatically immune!:D As for Sandboxie, and keeping in mind Dr. Cowpipe's correct diagnosis, it does keep your system free of worms & trojans too!:);)

Update: Back to the subject of Spam, Google's Gmail filters completely thus practically eradicating the presence of any and all Spam. "It was elementary, my Dear Cowpipe!"
 
Last edited:

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Spam is all about "getting" something. Getting longer, getting fitter, getting bigger, getting thinner, getting infected, getting high, getting rich, getting ripped off, getting a bargain price Thai bride etc.
 
  • Like
Reactions: BlackShot

BlackShot

Level 1
Thread author
Verified
Jul 12, 2014
34
Would one of you mind posting the email headers for me to have a look at? Blank out your address of course ;)

Of course not! But each message has a different email. -_-

TTnv0gH.png


***

de (from)
para (to)
data (date)
assunto (subject)
 
  • Like
Reactions: Cowpipe

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Of course not! But each message has a different email. -_-

TTnv0gH.png

Sorry, poor explanation on my part, I meant the actually MIME headers, see here: https://support.google.com/mail/answer/22454?hl=en

  1. Log in to Gmail
  2. Open the message you'd like to view headers for.
  3. Click the down arrow next to Reply, at the top of the message pane.
  4. Select Show Original.
The full headers will appear in a new window.

I might be able to give you some better advice then :)
 
  • Like
Reactions: BlackShot
D

Deleted member 178

spam are not infection so Sbie is powerless against them, they are just annoying emails; it is your mail provider to filter them but they are limited so you have to edit the filters yourself or via a tool.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
for gmail i use unsubscribe. it's a service you add to gmail.

select the email and move it to your unsubscribe folder. every new email from that sender would be transferred to unsubscribe folder
256wjz7.jpg
 
Last edited:
  • Like
Reactions: BlackShot

BlackShot

Level 1
Thread author
Verified
Jul 12, 2014
34
spam are not infection so Sbie is powerless against them, they are just annoying emails; it is your mail provider to filter them but they are limited so you have to edit the filters yourself or via a tool.

The problem is that I can not filter this type of message. They use aleatory things all the time (like email sender, subject, content etc.).

for gmail i use unsubscribe

Sorry, it does not work for this type of message.
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Worth blocking

Code:
gedris.org

Block all emails that come from that site, well known spam site. Could you upload another emails headers for me to look at please?
 
  • Like
Reactions: BlackShot

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
You can also block all emails containing the following string:

Code:
Ć L I C K 

This kind of obfuscation will very, very rarely occur in a normal email, personally I've never seen it.

You can check that the filter is working by removing all other email addresses from the To/cc/bcc etc... and forwarding the message to your inbox. If the content filter works it should go straight to junk
 

BlackShot

Level 1
Thread author
Verified
Jul 12, 2014
34
Worth blocking

Code:
gedris.org

Block all emails that come from that site, well known spam site. Could you upload another emails headers for me to look at please?
Blocked (from, right?).

You can also block all emails containing the following string:

Code:
Ć L I C K 

This kind of obfuscation will very, very rarely occur in a normal email, personally I've never seen it.

You can check that the filter is working by removing all other email addresses from the To/cc/bcc etc... and forwarding the message to your inbox. If the content filter works it should go straight to junk

That's definitely not a problem! Also, I just created a new filter with your informations.

http://pastebin.com/7q5XmALV
http://pastebin.com/KMaP7rib
http://pastebin.com/Km1Lz1iA
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
I'm not talking about unsubscribing from an email list. This is a gmail app

http://www.otherinbox.com/unsubscriber_app/

UNSUBSCRIBER

Your Unsubscribe folder is the simplest way to stop emails you don't want. Just move unwanted messages to the Unsubscribe folder and we'll take care of the rest. It's a satisfying way to simplify your inbox.


When you move an email to the Unsubscribe folder, we notify the sender that you want to be removed from their list.


You don't have to answer any questions or remember your password. Once the email is in your Unsubscribe folder, you’re done!
 
  • Like
Reactions: xxtoss23

BlackShot

Level 1
Thread author
Verified
Jul 12, 2014
34
I'm not talking about unsubscribing from an email list. This is a gmail app

http://www.otherinbox.com/unsubscriber_app/

UNSUBSCRIBER

Your Unsubscribe folder is the simplest way to stop emails you don't want. Just move unwanted messages to the Unsubscribe folder and we'll take care of the rest. It's a satisfying way to simplify your inbox.


When you move an email to the Unsubscribe folder, we notify the sender that you want to be removed from their list.


You don't have to answer any questions or remember your password. Once the email is in your Unsubscribe folder, you’re done!

Hm, thank you! I didn't know about that. I'll try it! But are you sure that it works for these type of messages?
 
  • Like
Reactions: WinXPert

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top