Email malware botnet dismantled by the FBI

Runbox was recently informed via our Internet Service Provider that a global botnet (robot network) consisting of hundreds of thousands of computers has been disrupted by the FBI.

In a coordinated operation taking place on August 29 in the US and several European countries, the malware (malicious software) known as Qakbot was removed from a large number of infected computers around the world.

What is Qaknet?

Since 2008, Qakbot had spread to victim computers mainly through spam email messages that contained malicious attachments or links. The infected computers effectively comprised a multinational infrastructure that cybercriminals utilized to commit ransomware, financial fraud, and other criminal activities.

In recent years the Qaknet botnet grew rapidly and some estimates state that it was related to around 25% of malware websites and responsible for extorting their victims through ransom payments amounting to tens of millions of dollars over the past couple of years.

Protecting your email account

As a security and privacy conscious email service we welcome this news and congratulate law enforcement on disrupting a vast network of cyber criminals who have victimized individuals and businesses on a large scale for decades.

Qaknet has also impacted some Runbox customers and we are contacting those affected directly via email in order to ensure their accounts are secured.

We strongly recommend that all email users utilize antivirus and antimalware software in addition to the spam and virus filters that are available in your email account. You can find a comparison of such software for various platforms at Wikipedia.

More information

More information about the dismantling of Qaknet can be found here:

Continue Reading →

Better search functionality and HTML view controls in Runbox 7

With this release we are adding more advanced search features including date range searches, as well as improved HTML view controls that let you save display preferences per individual sender.

💡 To access these features, ensure that Runbox 7 is updated by reloading it in a web browser or restarting it on your phone.

More advanced search functionality

Search field controls

By clicking the wrench icon next to the search field you can now easily search only for messages that:

  • Have one or more attachments.
  • Have been replied to.
  • Are flagged.
  • Are unread.

This screenshot shows the advanced search area that provides you with extensive options for message search:

Advanced search screenshot
Advanced search area screenshot

Additionally you can now search by date ranges, for instance messages that were:

  • Received in 2023: date:2023
  • Received between 2020 and 2021: date:2020..2021
  • Received in 2021 or later: date:2021..

Improved HTML message view controls

We have also improved the HTML message view controls that allow you to save HTML and image display preferences for individual senders or for all senders.

The examples below illustrate how this functionality can be used.

HTML view options example 1

Show the text version for the current message:

HTML view options example 2

Show the HTML version with images for all messages from this sender:

Larger popular recipients list

The popular recipients list in Compose has also been improved by increasing the number of contacts from 5 to 10.

The addresses shown beneath the To field can be added to the To field by clicking on them, or dragged to the To, CC, or BCC fields.

Note that this functionality is only available when using the local search index, which is controlled by the “Synchronize index” button in the lower left corner.

Changelog since the previous release

For the more technically inclined, a list of the changes made to Runbox 7 since the previous release can be found below.

Please see https://runbox.com/app/changelog for the complete and categorized changelog.

Commits from fd5c902 to d6c1dca:

  1. Visual changes (preview): Improve formatting of the empty preview pane. (60fcacf)
  2. Visual changes (mailviewer): Increase vertical flexibility of subject field. (364272b)
  3. Visual changes (mail menu): Improve read and unread icons. (93e75ae)
  4. New feature (search): Add more options to advanced search pane. (f2104ac)
  5. Visual changes (preview): Improve HTML display buttons. (16b7a77)
  6. Internal changes (preview): Update test. (7cfda5f)
  7. New feature (search): Enable date range searches (6e8acdb)
  8. New feature (search): Enable Unread Only checkbox only if other options set (45ee5be)
  9. Bug fix (preview): Add tooltip for all senders button. (d86b6eb)
  10. Visual changes (compose): Improve and fix recently used recipients list. (ccbf85b)
  11. Bug fix (payments): Always show “payment not loading” for stripe (ff53567)
  12. Bug fix (payments): Change “payment not loading” to “not working” (e137b26)
  13. Bug fix (payments): Change “legacy” to “alternative” (d6c1dca)

Continue Reading →

Runbox 7 updates March – May 2023: Framework upgrades and interface improvements

This constitutes a major upgrade to the framework and libraries that Runbox 7 is built on, which will facilitate further continuous upgrades and features.

It also includes several bug fixes and improvements, including storing display preferences on the server. This will make the user interface work more consistently across browsers, devices, and sessions and result in a more streamlined experience.

  1. Internal changes (deps): bump ua-parser-js from 0.7.31 to 0.7.33 (75df34d)
  2. Internal changes (deps): bump jszip from 3.7.1 to 3.10.1 (ef32ab1)
  3. Bug fix (drafts): Ensure we only refresh drafts once per folders update (f024af2)
  4. Bug fix (delete): Catch/Prevent more errors by ensuring defaults (5e83f89)
  5. New feature (mailviewer): Display incoming attachment sizes (926ab4b)
  6. Bug fix (compose): More readable attachment file size display (e44fc63)
  7. Visual changes (security): Specify which special characters are allowed in passwords. (#1401) (c575f06)
  8. Internal changes (deps): Update angular2-hotkeys to v13 (85aee64)
  9. Internal changes (deps): Upgrade to angular 12 (11b3aeb)
  10. Internal changes (deps): Update nodejs version for CI (a5cd077)
  11. Internal changes (deps): Upgrade angular-datetime-picker (2a87817)
  12. Internal changes (deps): Upgrade to v13 (4c744c1)
  13. Internal changes (deps): Change swupdate.available to swupdates.versionUpdates (ad7b36a)
  14. Internal changes (deps): Move from tslint to eslint (c010fca)
  15. Internal changes (deps): Remove –aot for start-use-mockserver (08afe91)
  16. Internal changes (deps): Remove SingleMailViewerComponent from rmm6.module.ts (ddebc3f)
  17. Internal changes (deps): Upgrade cypress to 9.7 (c38f460)
  18. Internal changes (deps): Update ical.js to 1.5.0 and use ES2020 modules (9bf6dda)
  19. Internal changes (deps): Fix selectFile file path (ee83c8f)
  20. Internal changes (deps): Update dependant packages (2c11d60)
  21. Internal changes (deps): Upgrade to angular v14 (cddac42)
  22. Internal changes (deps): Explicitly specify runbox7 for build (1b07233)
  23. Internal changes (deps): Upgrade angular/material to v13 (adef6c3)
  24. Internal changes (deps): Revert to angular/material v11 for auto upgrade (97f89cc)
  25. Internal changes (deps): Manually upgrade to angular material v12 (3e04baa)
  26. Internal changes (deps): Upgrade material to v13 (3096d97)
  27. Internal changes (deps): Upgrade angular-datetime-picker to v14 (3876111)
  28. Internal changes (deps): Upgrade to material v14 (c280c39)
  29. Internal changes (deps): Fix missing hues for SCSS (6a916d5)
  30. Internal changes (deps): Update @angular-eslint packages (8b0c16f)
  31. Internal changes (deps): Upgrade to angular v15 (2374336)
  32. Internal changes (deps): Upgrade to angular material v15 (6dc73b2)
  33. Internal changes (deps): Remove duplicate @include from SCSS (b35a68a)
  34. Internal changes (deps): Change default browser for CI to firefox (ab522f6)
  35. Internal changes (deps): Upgrade npm, comment out pre-build.js integrity check (ff13958)
  36. Internal changes (deps): remove –browser firefox from e2e tests (ab8b437)
  37. Internal changes (tests): Add DISPLAY=” to ci-tests (8441a51)
  38. Internal changes (deps): Remove unused protractor dependency (6e0f935)
  39. Internal changes (deps): Upgrade core.js to v3 (7aa65d3)
  40. Internal changes (deps): Remove unused protractor files (b7c312b)
  41. Internal changes (deps): Upgrade @angular-devkit/build-angular and move angular/compiler-cli to devDependencies (4cd4bc2)
  42. Internal changes (deps): Remove unused ajv dependency (b447972)
  43. Internal changes (deps): Upgrade angular-calendar (a273376)
  44. Internal changes (deps): Update rxjs to v7 (a87c0b3)
  45. Internal changes (deps): Upgrade @angular/pwa (d4850f0)
  46. Internal changes (deps): Remove array-flat-polyfill (8c527d8)
  47. Internal changes (deps): Update moment-timezone and remove uneeded @types/moment-timezone (478eb5a)
  48. Internal changes (deps): Update rest of dependencies (excluding timymce) (5ed129b)
  49. Internal changes (deps): Update jasmine to latest version (d0084df)
  50. Internal changes (deps): Upgrade karma to latest version (da8a151)
  51. Internal changes (deps): Update ts-* deps and node types (0b7abb4)
  52. Internal changes (deps): Update start-server-and-test (ee77754)
  53. Internal changes (deps): Update eslint and @typescript-eslint (4285f0d)
  54. Internal changes (deps): Update cypress to v10 (d350af9)
  55. Internal changes (deps): Update cypress to v11 (480b506)
  56. New feature (all): Store user preferences on the server (1409515)
  57. New feature (compose): Store last used HTML compose setting (dc1a75e)
  58. Bug fix (mailview): Store “prompted for local index” preference on server (0d9085e)
  59. Internal changes (preferences): Ensures tests set defaults, test correct values (035f28c)
  60. Bug fix (preferences): Remove old style local storage after conversion (7ca13b7)
  61. Bug fix (preferences): Ensure higher server version takes precedence (d8766f8)
  62. Bug fix (preferences): Load screensize before settings (da76123)
  63. Internal changes (deps): Update cypress to v12 (4ba7f7e)
  64. Internal changes (lint): Only include src/ else we run out of js heap memory (f359c38)
  65. Internal changes (deps): bump @npmcli/arborist and npm (9cf4279)
  66. Bug fix (compose): Generate Reply/Fwd header text only when needed (7afcbf7)
  67. Bug fix (compose): Convert reply/fwd text if compose HTML default is on (c512556)
  68. Bug fix (maillist): Store and reload column widths from preferences (cfb732d)
  69. Visual changes (preview): Improve formatting of the empty preview pane. (60fcacf)
  70. Visual changes (mailviewer): Increase vertical flexibility of subject field. (364272b)
  71. Visual changes (mail menu): Improve read and unread icons. (93e75ae)
  72. Bug fix (changelog): Add missing categories and improve formatting. (fd5c902)

Continue Reading →

Phishing: What it is and how to avoid being scammed

In the past few weeks there have been a series of phishing attacks aimed at a small subset of Runbox customers. The goal of these scams is to trick unsuspecting email users into clicking on malicious web links and entering their Runbox username and password, enabling the scammers to steal their password.

At Runbox we are constantly on guard against phishing attacks against our customers, and here we take a closer look at this increasing problem and some simple steps you can take to protect yourself.

As a summary, ensure that you check:

  1. The From address. Phishing messages almost always come from a random email address that do not match our list of Official Runbox Email Addresses.
  2. The message addresses you by name. Scammers typically only have lists of email addresses without any first or last names, so if the message does not address you by your first and last name it is likely to be a scam.
  3. The legitimacy of any email with links. Check where the link will actually take you. Hover over it with your mouse, and you can see whether it will in fact take you to some random address not associated with Runbox at all.
  4. Any false urgency. Runbox will never pressure you to act suddenly. Scammers may try to create a sense of urgency to persuade you to do what they’re asking.

What is phishing?

Example of a recent phishing message

Phishing is a type of cyber attack in which an attacker attempts to obtain sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity via email messages.

The word “phishing” is derived from fishing and refers to using lures to “fish” for sensitive information. Phishing attacks typically use social engineering to gain a victim’s trust, and use spoofing such as faking an email address or URL to make the attack appear legitimate.

When phishing attacks are targeted at certain services or individuals it’s called “spear phishing”, and in this case they appear to be sent from Runbox Support, the Runbox Team, or other similar official sounding names.

Email users who are unfortunate enough to receive a spear phishing message and end up divulging their Runbox login details can end up having their Runbox accounts hijacked and used to send spam, which then forces us to suspend the accounts until the customer can regain access.

With access to an email user’s account the attackers may then be able to access their personal information and use it to commit fraud or identity theft, which can in turn result in financial loss or worse.

Naturally such account hijacking causes much confusion for the affected customers in addition to the privacy intrusion and consequences for the recipients of the spam being sent, which is often another phishing scam. The phishing then continues to cascade to new groups of innocent users of other email services, while exploiting people’s trust and rarely being caught.

It is important to understand that these scammers are criminals, and that being tricked into disclosing any login details can have serious consequences.

How to spot phishing

The easiest way to see whether a message is in fact from Runbox is to check the From address, as phishing emails almost always come from a random email address not on any Runbox domain names such as runbox.com.

Example of legitimate email from Runbox

You can find more details on this here: How can I tell whether an email is legitimate?

Another important clue is whether the email addresses you by name, or whichever name you have entered in your Runbox Account details. Attackers typically only have lists of email addresses without any first or last names, so if the message does not address you by name it is likely to be a scam.

The third way to check the legitimacy of any email which asks you to click on a link, is to check where the link will actually take you. Some phishing links look like they link to a Runbox web page, but if you hover over it with your mouse, you can see that it will in fact take you to some random address not associated with Runbox at all.

If in doubt, go to our main website Runbox at https://runbox.com for information, or contact us via Runbox Support at https://support.runbox.com.

Do not be fooled or threatened by the scams

Most phishing emails have a very urgent and even threatening tone, trying to scare the recipient into acting right away to avoid having their account shut down or disrupted.

The scammers might even read our blog or other web pages and notice that we have two webmail versions, and subsequently send messages claiming that if you don’t switch to the newer version within X days, then your account will be shut down, for instance.

Legitimate messages from the Runbox Team will always give notice about something happening in the future, or optional new features.

Catching the scammers

We are constantly working to improve our defenses against phishing attacks, spam, and viruses, and we take immediate action to remove spear phishing messages as soon as we become aware of an attack.

If you have received any scam emails like the ones described above without responding in any way then your account is perfectly safe. We do however appreciate you notifying us via Runbox Support at https://support.runbox.com so that we can take steps to protect you and our other customers against the attack.

We also highly recommend enabling our Two-Factor Authentication features, which will keep your account safe even if your password should be stolen. For more on this, please see our Account Security Help page at https://help.runbox.com/account-security/.

If you have any doubts about an email you have received, then please don’t hesitate to contact Runbox Support at https://support.runbox.com.

Continue Reading →

Runbox 7 updates November 2022 – March 2023: Performance improvements and other upgrades

Improvements to the app performance as well as several bug fixes.

  1. Visual changes (start): Improve formatting. (cdd4304)
  2. New feature ure(index): Separate message updating into its own thread (0c5470a)
  3. Internal changes (index): Tweak tests (and code to pass tests) for web workers (0a9f4b0)
  4. Bug fix (index): Ensure we verify folder counts against the api (1830cbb)
  5. style(payment): Clarify main accounts vs sub-accounts. (f5bd0ef)
  6. Visual changes (payment): Improve tables and buttons, and default to USD. (bf9d7a2)
  7. Visual changes (payment): Correct button style declarations. (6ed082a)
  8. Bug fix (test): Update tests. (5bcb46d)
  9. Internal changes (index): Tidy up some debugging code (6c80615)
  10. Internal changes (deps): bump engine.io and socket.io (9f38fd3)
  11. Internal changes (deps): bump decode-uri-component from 0.2.0 to 0.2.2 (f6d83a1)
  12. Internal changes (deps): bump tinymce from 5.10.0 to 5.10.7 (e0637d9)
  13. Internal changes (deps): bump express from 4.17.1 to 4.18.2 (f173b2c)
  14. Internal changes (index): Remove some index/worker console logging (f257902)
  15. Bug fix (messagelist): Ensure drag&drop of selected emails moves them all (633515d)
  16. New feature (messagelist): Allow drag&drop from more table columns (db21e68)
  17. Geir/condensed layout 2 (#1338) (8640b1d)
  18. Bug fix (inbox): Show notification when new messages appear (ef603ef)
  19. Geir/condensed layout 2 (#1344) (42a7a72)
  20. Bug fix (maillist): Add error catching for the mail list updating (89499bd)
  21. Bug fix (messagelist): Ensure user-actions don’t stop the index updates (509839a)
  22. Bug fix (messagelist): Log errors thrown by postMessage, keep worker alive (034dbb9)
  23. Visual changes (payment): Add link to Sub-account section. (2384b37)
  24. Internal changes (deps): bump json5 from 1.0.1 to 1.0.2 (6b8514b)
  25. Internal changes (deps): bump luxon and rrule (fe0405e)
  26. Internal changes (deps): bump qs from 6.5.2 to 6.5.3 (ac8703c)
  27. Internal changes (deps): bump moment-timezone from 0.5.28 to 0.5.35 (3516498)
  28. New feature (overview): Improve time span options. (02358ef)
  29. Internal changes (deps): bump ua-parser-js from 0.7.31 to 0.7.33 (75df34d)
  30. Internal changes (deps): bump jszip from 3.7.1 to 3.10.1 (ef32ab1)
  31. Internal changes (deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (0f6c62f)
  32. Visual changes (payment): Change description of pending/incomplete transactions. (#1371) (6952fa6)
  33. Bug fix (overview): Make Inbox selection more lenient. (50d5218)
  34. Bug fix (folders): Ensures we refresh the folder list on a name change (5fd354a)
  35. Internal changes (api): Filter for successes in te API folder calls (c13796f)
  36. Visual changes (login): Simplify and improve login screen. (#1377) (a5c5f85)
  37. Bug fix (drafts): Ensure we only refresh drafts once per folders update (f024af2)
  38. Visual changes (folders): Increase width of folders modal. (a50aa6d)

Continue Reading →

Christmas wrap-up: Runbox 7 Upgrades in 2022

Here at Runbox we have been hard at work over the past several months making improvements to Runbox 7, our cutting edge webmail app available at https://runbox.com/app.

Our goal is to develop the fastest and most user-friendly email service available, and as we’re winding down a bit for the holidays we take the opportunity to tell you all about the many bug fixes and other improvements we have made based on feedback from you, our customers.

The most noticeable change is that we have decreased the font sizes slightly, which allows a much more efficient use of the available space in your browser:

Runbox 7 screenshot

Based on your feedback we have fixed a large number of issues that makes the Runbox 7 app more streamlined in everyday use. Through a series of Quality Milestones and a thorough review of Runbox 7 feedback along with diverse support requests we have made over 70 improvements to:

  • The overall performance and reliability of the app
  • Folder and message list displays
  • Compose and the Draft Desk, including attachment handling
  • Message view including the display of HTML and images
  • Settings including Identities and Account Security
  • Contacts and Calendar interfaces
  • Product and payment pages

You can find a complete list of all the updates made to Runbox 7 as well as a detailed changelog in the Runbox 7 app itself.

After this period dedicated to improving the quality of existing functionality in Runbox 7 we are gearing up to continue implementing the Runbox 7 Roadmap in 2023, so stay tuned for new features and improvements coming your way in 2023!

Continue Reading →

Runbox 7 updates August-November 2022: Streamlining and bug fixing

Improvements and bug fixes to several parts of the app.

  1. Internal changes (deps-dev): bump karma from 6.3.2 to 6.3.16 (cf19be5)
  2. Bug fix (account-security): Load App Passwords switch enabled, if in use (cdbef1c)
  3. Internal changes (deps): bump terser from 4.8.0 to 4.8.1 (4234974)
  4. Bug fix (2fa): QRCodes for 2fa should be readable in more browsers (f450220)
  5. Bug fix (tests): Github actions tests failing, try more heap size (d96715c)
  6. Internal changes (deps): bump moment from 2.29.2 to 2.29.4 (7f25bbc)
  7. Checks the msg IDs given to API for certain endpoints are valid (ef6acfa)
  8. Replaced text for alias as per request from #1091 (dccf1a9)
  9. Adds a link to caldav sync guide on calendar (c30f4ab)
  10. Bug fix (api): Don’t show errors while loading data in the background (ac23654)
  11. Bug fix (searchservice): Fix compilation error (d4156c8)
  12. sstyle(payment): Clarify main accounts vs sub-accounts. (e7a2c18)
  13. Visual changes (payment): Improve tables and buttons, and default to USD. (84dc7e9)
  14. Visual changes (payment): Correct button style declarations. (4f4f50a)
  15. Bug fix (test): Update tests. (24ac6d0)
  16. Internal changes (calendar): Correctly ad/modify events in calendar service tests (ddeaf33)
  17. Bug fix (changelog): Ensure typos in commit entries do not break the page (09ed2e4)
  18. Visual changes (payment): Payment interface updates. (#1319) (ee47246)
  19. Bug fix (compose): Ensure we can attach same file twice in compose (014c462)
  20. Bug fix (compose): Only run one draft saving attempt at a time (bf44d90)
  21. Bug fix (compose): Adds code checks to fix issues from sentry reports (3769663)
  22. Bug fix (messaging): Ensure msg fetching works after network is restored (0233288)
  23. Bug fix (calendar): Setting “all day” flag on events now saves properly (007b2d5)
  24. Bug fix (compose): Enable drag&drop of images into HTML compose window (87a06f9)
  25. Bug fix (compose): Enable inserting attached files into HTML compose (ea1d989)
  26. Bug fix (compose): Remove drag&drop to compose html window (788fb1a)

Continue Reading →

Runbox 7 updates August-September 2020: Webmail improvements

Webmail improvements including Saved Searches, which lets you instantly bring up results of previously saved search terms.

  1. New feature (identities): Order From entries by priority
  2. New feature (dkim): Add a note about selector2 and when it will become active
  3. New feature (account security): Improve password validation and error messages on Account Security to avoid confusion
  4. New feature (dialog): Allow submitting dialogs with Enter/Return key
  5. Bugfix (canvastable): Make sort icons show actual sorting direction
  6. New feature (webmail): add a way to save and reuse searches
  7. Visual fix (app): Remove obsolete instances of mat-icons
  8. Bugfix (startdesk): Fix linter and policy errors
  9. Bugfix (folders): Improve folder count reliability in some edge cases

Continue Reading →

Runbox 7 updates July-August 2020: Performance and Contacts improvements

Improved and more consistent performance, a new menu for marking messages read and flagged, improved Contacts layout, and many other fixes and improvements.

  1. Bugfix (webmail): Update local (non-index) folder counts on refresh
  2. New feature (login): Set inputmode to show email and numeric keyboards on mobile as appropriate
  3. New feature (webmail): Always show popular recipients component if enabled, even with no local index
  4. Bugfix (account): Redirect domain renewals to domain registration app
  5. Bugfix (webmail): Ensure folder counts are updated after read/unread
  6. New feature (webmail): Change icons and tooltips when a message is deleted from trash
  7. New feature (compose): Add debug logs for measuring impact of recipient loading
  8. New feature (folder): Speed up folder size calculations
  9. New feature (webmail): Separate read/unread, flag/unflag in multi-menu
  10. Bugfix (menu): Hide account security until its backend issues are resolved
  11. Bugfix (mailviewer): Load mailpane status (vert/horiz) on page load
  12. Bugfix (compose): Set focus in textarea for replies
  13. Bugfix (contacts-app): Correct filtering options background color
  14. Bugfix (contacts-app): Fix positioning of email contact icon
  15. Bugfix (contacts-app): Make middle column width adjust to its content

Continue Reading →