Ok, so it's this virus that's mutating at an alarming rate. It's that one that tells you that your account is being suspended.
Anyhow, I wrote up some rules that should atleast get the thing caught as Spam, so it won't be as annoying.
header MYTOB_SUB1 Subject =~ /Notice: \*\*Last Warning\*\*/
header MYTOB_SUB2 Subject =~ /\*DETECTED\* Online User Violation/
header MYTOB_SUB3 Subject =~ /Your Email Account is Suspended For Security Reasons/
header MYTOB_SUB4 Subject =~ /Account Alert/
header MYTOB_SUB5 Subject =~ /Important Notification/
header MYTOB_SUB6 Subject =~ /\*WARNING\* Your Email Account Will Be Closed/
header MYTOB_SUB7 Subject =~ /Security measures/
header MYTOB_SUB8 Subject =~ /Notice of account limitation/
body MYTOB_BOD1 /Once you have completed the form in the attached file , your account records will not be/
body MYTOB_BOD2 /The original message has been included as an attachment./
body MYTOB_BOD3 /We regret to inform you that your account has been suspended due to the violation of our site/
body MYTOB_BOD4 /We attached some important information regarding your account./
body MYTOB_BOD5 /Please read the attached document and follow it's instructions./
score MYTOB_SUB1 3
score MYTOB_SUB2 3
score MYTOB_SUB3 3
score MYTOB_SUB4 3
score MYTOB_SUB5 3
score MYTOB_SUB6 3
score MYTOB_SUB7 3
score MYTOB_SUB8 3
score MYTOB_SUB9 3
score MYTOB_BOD1 5
score MYTOB_BOD2 2
score MYTOB_BOD3 5
score MYTOB_BOD4 5
score MYTOB_BOD5 5
Comments (1)
(Found this post via a Google search for 'mytob annoying'... which it indeed is.)
On my accounts at my personal domain, I just filtered out all messages with the line:
"Zone38 Antivirus - www.zone38.net"
because, well, I don't think I'll ever be seeing that in any sort of legitimate message. And it worked wonderfully.
Adjust for the appropriate domain name as necessary, of course. :)
Posted by codeman38 | July 10, 2005 10:33 PM
Posted on July 10, 2005 22:33