• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
Emotet Trojaner Schutz

Banking Trojan Emotet: Optimising Protection with NoSpamProxy

All Topics, News, NoSpamProxy Protection, Tech & Support

A new wave of spam emails and viruses is currently affecting IT systems around the world. Since early November 2018, fake invoices, bank account warnings and other forged documents containing malicious code in the form of banking trojan Emotet are being distributed.

Malware Hides in Word and PDF Files

The documents are sent as part of faithfully reproduced phishing emails. After opening the attached Word or PDF file, recipients are prompted to activate Word macros or click links in PDF files. This installs and activates Emotet on the recipient’s computer.

We strongly advise against opening unchecked attachments in emails even if the email looks authentic at first glance. In this context, we would like to draw your attention to some of the features in NoSpamProxy and give you some tips on how you can further improve your protection against the current spam and virus attacks.

Content Disarm and Reconstruction (CDR)

CDR is included in NoSpamProxy Protection. CDR converts Microsoft Word and Excel files into non-hazardous PDF files and removes all active content, such as macros. The PDF file can then be opened without concerns, with the original file either left attached to the email or removed.

In conjunction with NoSpamProxy Large Files, it is also possible to securely place and lock the original file on the Web Portal. Please note that we currently recommend this for trusted partners also.

CDR is activated in the NoSpamProxy content filters. A training video on the content filters can be found at https://www.nospamproxy.de/de/support/trainingsvideos/

File-based virus scanner

To improve virus detection, you can add the File-based virus scanner action in each rule, provided that an additional local virus scanner is available on the servers running the gateway role.

Please read the following article in our Knowledge Base: https://www.nospamproxy.de/de/knowledge-base/konfiguration-installierter-on-access-virenscanner/

Level of Trust

It is also possible to change the global behaviour of the Level of Trust filter in NoSpamProxy. This allows you to adapt the detection behaviour of known and trusted communication partners to the respective situation. By default, the filter works based on the Envelope-FROM and/or the Header-FROM. This can lead to unwanted acceptance of emails in which the Envelope-FROM and the Header-FROM are not identical.

To change the way the filter works, go to Configuration > Advanced Settings > Level of Trust configuration in the NoSpamProxy console. On the General tab, change the option for Sender address evaluation from Envelope and Header-From addresses (recommended) to Envelope address only.

Please note that this can lead to an increased number of rejected emails. It is also possible that desired emails such as newsletters or emails with different values in the headers are rejected. Since an adjustment of the filter improves the defence against currently unwanted emails, this setting should nevertheless be considered.

These recommendations optimise the defence behaviour of NoSpamProxy against the currently increasing number of spam and virus emails.

  • share 
  • share 
  • tweet 
  • email 
13.11.2018/by Stefan Sturm

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
How to send large files by e-mail?Wie kann man große Anhänge per E-Mail versenden?Welche Arten von Malware gibt es?An Overview of Malware Types
Scroll to top