The Internet community has been pestered with yet another wave of spam mails containing fake membership information and e-cards. The spammers use two attack vectors if you click on the ip that is listed in those emails. They try to convince you to download a so called Secure Login Applet which is nothing more than an infected executable named applet.exe and also try to use several known exploits.
The mails are send out with various subjects such as Internet Dating, Member Details and New Member Confirmation and contain (fake) username and password information as well as a link that is always shown in IP form. I created a screenshot of one of the messages that I received today, take a look:
I was not able to identify any recurring information that could be used in the header of the emails but fortunately for us the body contains information that are present in every spam mail send out by the spammers.
You always find a link to an IP address in those mails and we can use this information to filter out these emails. I will explain a step by step tutorial on how to setup the filter in Thunderbird, other mail clients should offer a similar functionality.
- Open Thunderbird
- Create a new mail folder where the spam that is found will be moved into
- click on Tools > Message Filters
- Choose an account and click on New
- Name it accordingly, something like Membership Spam will do
- Hit the + button in the top form eight times and edit all nine filters the following way
- Select Body instead of Subject in the first pulldown menu
- Leave the second pulldown menu unchanged
- Add http://1 to http://9 in the nine textfields in the third pulldown menu (one at a time)
- Change the mail folder to the folder that you created before creating the filter and click on ok
If you have done everything correctly it should look like the following:
This mail filter makes sure that every mail that contains a link to an IP address will be moved to a folder that you created. I decided to move the mails instead of deleting them right away because it is theoretically possible that you do receive an IP link in a mail that is not spam.
If you think that this is highly unlikely you can change the move to command into delete to delete the spam mail right away. Let me know if you have any questions or difficulties setting up this filter.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Advanced Spam MailsA collaborative spam filter
best free anti spam software
Automatically remove duplicate mails in Thunderbird
Thunderbird Remove Duplicate Mails