SPAM mail message

Hi,

the other day I received the e-mail copied below.

Is this generated and sent by F-Secure Safe? I don’t recognize the mail format as being according to the messages I normally get from F-Secure Safe

Was the SPAM mail sent from the Latvian mail address?  or is this from a F-Secure office?

Is “Datorskydd” the same as F-Secure?

What is the meaning of 64971 ?

What is the meaning of Trojan:JS/Kavala.D ?

Best regards

Göran Ignell

 

[SPAM] [Skadligt e-postmeddelande togs bort] 64971 g.ignell

[email protected]

Datorskydd ******************************************************************** Det här e-postmeddelandet skapades automatiskt och går inte att svara på. Du fick ett e-postmeddelande med skadligt innehåll. Datorskydd tog bort det skadliga innehållet och ersatte det med det här meddelandet. Datorn är säker och du kan ta bort det här meddelandet. (Angreppet togs bort: Trojan:JS/Kavala.D) ********************************************************************

Answers

  • SimonSimon Posts: 2,560

    I think you may have to wait until someone comes along who reads Latvian, to get an answer to this.  I don't recall seeing anywhere that the F-Secure product sends out an email if you receive spam - it is supposed to mark it as [SPAM] in your email client, providing you have the Spam Filtering turned on, and you are using a compatible email program.  I'm guessing, without being able to read the email, that it could have been forwarded by someone who has you on their contacts list, and who's email security may have been compromised, but as I said, that's just a guess.

  • UkkoUkko Posts: 2,893

    Hello,

     

    Sorry for my letter.

     

    If you did set up for F-Secure SAFE Spam protection (and this is letter comes with supported client/protocol).... this is can be valid result of protection-work.

    My experience not about receiving spam letters ... so I not sure how to work F-Secure on current day.

    Based on Help-information... there can be just "[SPAM]"-tag added. And letter under spam-folder. But not re-change text (like provided by you)... but I think this is can be.

     

    Based on letter/description of situation... for me sounds like that your mail-client with F-Secure (or other security protection sotware) properly handled spam-letter (or potentially spam).

     

    And.. for your ask -->

    --> There is not F-Secure office mail address, but probably "hacked" local mail-address.

    Someone get trouble with malicious activity under system (or mail-account was leaked).... and maybe this letter result of this trouble.

    Maybe transferred to random mail addresses (as result..  letter comes for you too).

     

    --> Number maybe meaning some kind of letter number (?) or title of letter (which was there before adding information on svenska about malicious removal action and [SPAM]-tag).

     

    --> Trojan:JS/Kavala.D

    This is signature-detection-name for malicious file/script... which maybe was under letter as "attached file" or under letter text (if possible to be there HTML or other). So this is a reason for block/delete and marked this letter as spam. (And malicious).

     

    Maybe can be f/p-detection.

     

    Not sure if this is result of work by F-Secure protection.

    But if all other work and looks good... maybe you just be sure... that you do not download any attachments or opened suspicious letters.

     

    Maybe will be good if official response by F-Secure Team will be there too.

  • Thank you Simon for your comments.
    It is interesting to know that also you find the message a bit odd.
    My main interest is to understand if the e-mail is generated by F-secure and what the meaning of the codes  (64971 and  JS/Kavala.D) are and what the Latvian mail address tells me.
    Also I have to tell you that the e-mail  sent to me is in Swedish and not in Latvian. It looks as if it sent from this Latvian address.
    A translation follows.

     

    (SPAM) (Harmful e-mail message has been deleted) 64971 g.ignell
    ….@inbox.lv
    Computer protection
    *********************
    This e-mail message was created automatically and cannot be answered.
    You received an e-mail message with harmful content. Computer protection deleted the harmful content and replaced it with this message. The computer is safe and you can delete this message.
    (The attack was deleted: Trojan: JS/Kavala.D)
    *******************************


  • Thank you Ukko for your comments.
    I start to believe that the message was created by the e-mail-client. It is a pity though that it is so anonymous.
    I have set the filter level “low” here which means that mails identified as possible spam are moved to the Spam folder.

     

    The reason why I thought maybe F-secure was involved this time is that this is the first time I receive a separate mail about the detection of a possible Trojan attack.
    Let us see if there will be any official response from the F-Secure team.

  • SimonSimon Posts: 2,560

    Post removed.

  • SimonSimon Posts: 2,560
    The "harmful message deleted" part suggests to me that the email may have been scanned by your email provider, and that it has delivered the message without the harmful attachment. I've had that on occasions from one or two of my mail providers.
This discussion has been closed.