How to filter fake membership and e-card spam mails - gHacks Tech News

ADVERTISEMENT

How to filter fake membership and e-card spam mails

by Martin Brinkmann on August 21, 2007 in Email, Security - Last Update: March 16, 2014 - 1 comment

The Internet community has been pestered with yet another wave of spam mails recently. The new type of spam contains fake membership information and e-cards.

The spammers use two attack vectors if you click on the IP link that is listed in those emails. They try to convince you to download a program called Secure Login Applet which is nothing more than an infected executable named applet.exe and also probe your computer to see if it can be exploited by several known vulnerabilities.

The mails are send out with various subjects such as Internet Dating, Member Details and New Member Confirmation and contain (fake) username and password information as well as a link that is always shown as an IP address. I created a screenshot of one of the messages that I received today, take a look:

filter spam mails

I was not able to identify any recurring information used in the header of the emails but fortunately for us the body contains information that are present in every spam mail send out by the spammers up until now.

You always find a link to an IP address in those mails and we can use this information to filter out these emails. I will explain a step by step tutorial on how to setup the filter in Thunderbird, other mail clients should offer a similar functionality.

  • Open Thunderbird
  • Create a new mail folder where the spam that is found will be moved into
  • click on Tools > Message Filters
  • Choose an account and click on New
  • Name it accordingly, something like Membership Spam will do;
  • Hit the + button in the top form eight times and edit all nine filters the following way
  • Select Body instead of Subject in the first pulldown menu
  • Leave the second pulldown menu unchanged
  • Add http://1 to http://9 in the nine textfields in the third pulldown menu (one at a time)
  • Change the mail folder to the folder that you created before creating the filter and click on ok

If you have done everything correctly it should look like the following:

filter spam mails

This mail filter makes sure that every mail that contains a link to an IP address will be moved to a folder that you specify. I decided to move the mails instead of deleting them right away because it is theoretically possible that you do receive an IP link in a mail that is not spam.

If you think that this is highly unlikely you can change the move to command into delete to delete the spam mail right away. Let me know if you have any questions or difficulties setting up this filter.

Advertisement

Previous Post: «
Next Post: »

Comments

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Popular Posts

Advertisement

Recently Updated

This Day in History

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2020 - All rights reserved