Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

'Cured' SPAM?

23 views
Skip to first unread message

MB

unread,
Oct 5, 2016, 3:24:09 AM10/5/16
to
Anyone have any ideas of the origin or reason behind all the SPAM
messages beginning '[Cured]' in the subject field.

I have had nine this morning and it is only just after 0800h. They are
easy to filter out with a proper mail reader (mobile phone more difficult).

They have been coming for several weeks but seem to be increasing now.


Martin Brown

unread,
Oct 5, 2016, 3:56:48 AM10/5/16
to
On 05/10/2016 08:24, MB wrote:
> Anyone have any ideas of the origin or reason behind all the SPAM
> messages beginning '[Cured]' in the subject field.

Some AV or other has marked them in a "cute" fashion.

I expect it means that the hostile binary has been stripped off.

You would have to post a sample with full headers for anyone to offer a
more sensible explanation. I haven't seen *any* like you describe.

Spam du jour is currently: "Bill for <object> NNN-NNNN-NNN-NN"
>
> I have had nine this morning and it is only just after 0800h. They are
> easy to filter out with a proper mail reader (mobile phone more difficult).
>
> They have been coming for several weeks but seem to be increasing now.

Spam is sadly always increasing in volume.

Regards,
Martin Brown

Brian Gregory

unread,
Oct 5, 2016, 6:43:28 AM10/5/16
to
On 05/10/2016 08:24, MB wrote:
I think your ISP is adding that, probably to show that some malware has
been removed.

--

Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.

Roger Mills

unread,
Oct 5, 2016, 9:01:33 AM10/5/16
to
On 05/10/2016 08:24, MB wrote:
Probably a joke, contrasting spam with cured ham - or corned beef!
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

Pete Forman

unread,
Oct 6, 2016, 1:02:59 PM10/6/16
to
Have a look at the full headers of the emails. If a malware scanner is
responsible for the "[Cured]' prefix there should be details of the
scoring.

--
Pete Forman
https://payg-petef.rhcloud.com
(formerly on http://petef.22web.org/payg.html)

Chris Bartram

unread,
Oct 7, 2016, 4:15:22 AM10/7/16
to
On 06/10/2016 18:02, Pete Forman wrote:
> MB <M...@nospam.net> writes:
>
>> Anyone have any ideas of the origin or reason behind all the SPAM
>> messages beginning '[Cured]' in the subject field.
>>
>> I have had nine this morning and it is only just after 0800h. They
>> are easy to filter out with a proper mail reader (mobile phone more
>> difficult).
>>
>> They have been coming for several weeks but seem to be increasing now.
>
> Have a look at the full headers of the emails. If a malware scanner is
> responsible for the "[Cured]' prefix there should be details of the
> scoring.
>
Odd. I thought that maybe my hosting provided had turned on scanning
when I first started getting this, but unless the OP shared the same
provider, that seems less likely?

I do have some headers in the stuff I'm getting that look like
Kaspersky- can anyone confirm if they're genuine?

X-Mailer: iPhone Mail (13B143)
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: disinfected, AntiVirus
X-KLMS-AntiSpam-Status: not scanned, license restriction
X-KLMS-AntiPhishing: not scanned, license restriction
X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server, version
8.0.1.705, bases: 2016/10/05 09:11:00 #8007080; khse: 2014-01-23 rollback
X-KLMS-AntiVirus-Status: Infected Trojan-Downloader.JS.Agent.mrt,
disinfected
0 new messages