MailWasher Filter Solutions for ECard Trojan Scams
By now most of you have seen hundreds of "Postcard" email scams in your inboxes and are getting tired of hitting the delete button (hopefully you are deleting them!). These messages have subjects containing phrases implying that a Friend, or Class-Mate or "Worshipper" (etc) has sent you a postcard, or ecard, or greeting postcard, etc. They all contain false details about an alleged e-card that is waiting for you if you click on the link supplied, usually with a numeric IP, followed a forward slash, a question mark, then a bunch of random characters, leading to a compromised PC hosting a web page containing hostile JavaScript to redirect you to a website that has the Storm Worm infector. Anybody who is foolish enough to click on that link, in a Windows PC, or Windows powered hand-held device, will probably be infected with the Storm Worm, or a variant thereof, and their PC will become a spam relay in a BotNet.
If you use MailWasher Pro to screen your incoming email I have an automatic solution for detecting and deleting these, and most other spam messages in the wild; my custom MailWasher filter rules targeting current types of spam. MailWasher Pro uses a text file called filters.txt to list custom conditions for identifying and acting against spam that matches the statements in these user configurable rules. A default installation produces a very basic filters.txt file, which is waiting for you to add your own custom rules to it.
If you don't know how to create your own MailWasher filters, visit my MailWasher Pro Filters page, where you will find my own list of custom filters for use with the MailWasher Pro email program. The filters will load into an iframe in the middle of the page (No, this is not an exploit, just an HTML inline frame with visible contents). There is a large set and a smaller set of filters. I use the smaller set which is targeted at the most recent varieties of spam in the wild. The large set includes the new rules plus anti-spam rules going back about 5 years.
To use my filters in your MailWasher application you should first copy the contents of the set you prefer to use (click inside iframe, press Control + A, press Control + C), or right-click on one of the file links on the web page and save it as "filters.txt" on your desktop. With MailWasher open click on Help > "About" which will open a box with the version and copyright details. At the bottom of this box there is a link to your personal profile data folder for MailWasher Pro. Click on the link at the bottom of the About box to open the MailWasherPro Application Data folder in a window, then close MailWasher. You must close MailWasher before editing filters.txt, otherwise your changes will be overwritten by the program. The only time you can work on filters with MailWasher open is if you use the Filters utility from within the program, to create or edit rules.
There will be a file named filters.txt in your MailWasher Pro application data folder. You will either overwrite it's contents, or add to them, depending on if you have created any of your own filter rules. If you haven't created your own filters and you downloaded one of my filters files and saved it as "filters.txt" just drag it from your desktop into the MailWasher Pro data folder and drop it there, allowing it to overwrite the existing copy.
If you chose to copy the contents in the iframe for pasting into the program's filters.txt, open filters.txt in NotePad, in the "MailWasherPro" Application Data folder. If you are going to add my filters to your existing rules choose a line where you want them to start (the beginning is a great place), click on the beginning of that line and press Control + V, to paste them in at that point. If you are going to overwrite the existing filters entirely click inside it and press Control + A (Select All), to highlight all of the contents, then press Control + V to paste my filter rules into the document, overwriting the contents, then save the changes (Alt > F > S). Make sure you don't have any blank lines between rules and that each rule begins on a new line. Turn off Word Wrap. Instructions are typed in the top comments of my rules.
After you have pasted in the new rules, close filters.txt, then open MailWasher Pro. My filters should now be loaded into the program and will delete most current incoming spam, either automatically, or manually. Use Control + F7 to display or hide the filter sidebar, in the program interface. Watch for spam messages that are hidden by some rules, which you must delete manually, by clicking on Process Mail (F6), on top of MailWasher Pro. Make it a practice to click on the Process Mail button every hour, whether there is anything marked for deletion or not. This frees up RAM and removes temporary data files created while the program is running. It will also delete hidden spam messages.
I update my rules very frequently, sometimes more than once on the same date. I post the last updated date in the comments of the filters, in the top of the files. Comments begin with //. Be sure you bookmark my MWP filters page and check it often for new or altered filters. There is a link under the iframe to sign up for alerts from ChangeDetection.com whenever it detects a new date stamp on the page.
Wizcrafts Custom MailWasher Pro Filters are discussed on the Firetrust MailWasher forum, where I post notices about filter updates and where other MailWasher users provide input about them.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.