@DustinB3403 said in Spamnesty: Waste spammers' time:

But I have to contribute my resources to waste the spammers time....

Well worth it 🙂

Almost every time I'm helping someone with an exchange issue on Spiceworks, they chime in with their spam. No information about how it does it different or what it does that the free Microsoft tools don't do, just spam. A couple of times I have ask them for more information about how their product will help the OP and they never reply.

I have seen the video previously. Hilarious, watching it again now haha.

Tagging @stus

v=spf1 include:_spf.google.com aspmx.googlemail.com -all

are you sending emails from a or other mx records on your domain? If not you dont need to include them. This should work ok for you
I also like hard fails, but others dont.

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

Agreed

Doesn't take all that much. And you never know if the society is real but the email is not. Although the entire premise is very scammy. It's got Amway written all over it.

Related to the actual cause of the problem, I apparently was testing some SMTP stuff a while back and disabled my rule to block all SMTP outbound on my network, then forgot to turn it back on. That rule is enabled again, so now waiting to see when it gets hit to find out what the hell on my system is sending spam.

But, this still does not resolve the MS problem with the white listing until the CBL drops off.

Remember that "requesting email" is a completely illogical thing to do in a court if the goal was to see what had been said. Why would any court say "Show us all of the email communications that went through Exchange but don't show us the Lync messages, documents stored in other systems, contents of attachments, etc."

Of course they don't do that. That would be incredibly silly. They request categories like "all external communications", "all internal" or whatever it is they are looking for.

I didn't even turn it on. From the description it sounds like a really bad idea. It's like autofiltering that takes more work than real filtering, isn't as reliable, is less predictable and then alerts you anyway completely defeating its own purpose.

@thecreativeone91 said:

@IRJ said:

I wonder how many lines they throw out before they get a bite?

Are we talking about spam or fishing?

I am talking about the email you received in particular. I have received emails from the same company

If you are uncertain, http://urlquery.net can be helpful.

It will report on what happens when you go to a particular URL.
It can even give you a preview (sometimes) of the page.

@scottalanmiller said:

From the pic, it just looks like an account. Being hacked would likely be completely different.

Yeah, which is what I figured too. There were probably 7-9 accounts total, at a rough guess, that were doing it, but a few more prolific than others.

Nice. I'm always amazed at how many companies let this happen.

Good stuff.

@Katie said:

@JaredBusch That's what I think, too - it's kind of a phishing thing at this point and isn't connected to my current email. I feel bad that my friends are getting spammed and think its me. 😞

The VP at my former employer pays me to come take care of her home gear ever couple months and she has recently been suffering through this also. Just for her it is her active Yahoo! account, not an inactive AOL account.

The headers all clearly show that it is not coming from a valid Yahoo! server. When she called me to ask ab out it, I looked in my SPAM file and found her emails to me. This means Google blocked them and the problem is that the recipients' SPAM software is obviously not up to snuff.