Message-ID: <004601c2625c$8ded7d20$1e01320a@drizzt>
From: nexus at patrol.i-way.co.uk (Nexus)
Subject: Interesting email trick

Hi folks,
    I'm used to the normal javascript, IFRAME launcher and webbug type
rubbish in spam/virus emails, but I recently received a variation on the
trick, using a MIME encoded URL to an exe - not seen one of these before and
wondered if anyone else has.   Needless to say it failed ;-)   Full email is
below (headers intact in the spirit of full disclosure and reader feedback)
but the HTML tags are changed so that any gentle souls that have HTML email
don't get panicked.   Nice little 'ol me eh ? ;-)
Apologies if this is old hat as it's the standard porn related dialler scam.

Cheers.

Received: from mmx (abn195-23.izmir-ports.kablonet.net.tr [195.174.195.23])
 by i-way.co.uk (8.9.3/8.9.3) with SMTP id RAA16671
 for <nexus@...rol.i-way.co.uk>; Sun, 22 Sep 2002 17:00:13 +0100
Message-Id: <200209221600.RAA16671@...ay.co.uk>
From: "coderip" <coderip@...mail.com>
To: "nexus" <nexus@...rol.i-way.co.uk>
Subject: Petek Din??z
Date: Sun, 22 Sep 02 18:48:11 GTB Standart Saati
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary=
"----=_NextPart_000_0011_4656D047.3C13EA3F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-UIDL: ?DM"!I<`"!eQl!!A,H!!

------=_NextPart_000_0011_4656D047.3C13EA3F
Content-Type: text/html; charset= "windows-1254"
Content-Transfer-Encoding: base64

PGh0bWw+DQo8dGl0bGU+UGV0ZWsgRGlu5/Z6PC90aXRsZT4NCjxjZW50ZXI+DQo8YSBocmVm
PWh0dHA6Ly82NC4yMzkuNDQuMjAvZGlhbGVycy8xMDA1L2Jpemlta2l6bGFyLmV4ZSBib3Jk
ZXI9MD48aW1nIHNyYz1odHRwOi8vd3d3Lmt1ZHVyZHVtLmNvbS9wZXRlay5qcGc+PC9hPg0K
PGJyPjxpbWcgc3JjPWh0dHA6Ly93d3cua3VkdXJkdW0uY29tL2NnaS1iaW4vdm90ZS5jZ2k/
ZmlsZT10ZXN0IGhlaWdodD0xIHdpZHRoPTE+DQo8L2NlbnRlcj4NCjwvaHRtbD4gICAg
------=_NextPart_000_0011_4656D047.3C13EA3F--

To save you the few seconds needed to decode that block, it is:

[html]
[title]Petek Dinçöz[/title]
[center]
[a href=http://64.239.44.20/dialers/1005/bizimkizlar.exe border=0][img src=http://www.kudurdum.com/petek.jpg][/a]
[br][img src=http://www.kudurdum.com/cgi-bin/vote.cgi?file=test height=1 width=1]
[/center]
[/html]
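
Added example, not part of the original post: a mail-filter style check that decodes each text/html part whatever its Content-Transfer-Encoding and flags the two things seen in the message above, a link to an executable and a 1x1 tracking image. The extension list, the function and class names, and the example.test sample message are assumptions constructed for illustration.

```python
import base64
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".pif", ".bat")  # assumed list, extend as needed

class LinkAudit(HTMLParser):
    """Collect links to executables and 1x1 'web bug' images."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        href = a.get("href") or ""
        if tag == "a" and urlparse(href).path.lower().endswith(RISKY_EXT):
            self.findings.append(("executable-link", href))
        if tag == "img" and a.get("height") == "1" and a.get("width") == "1":
            self.findings.append(("web-bug", a.get("src")))

def audit_message(raw: bytes):
    """Return (transfer-encoding, kind, url) for every finding in HTML parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        html = body.decode(part.get_content_charset() or "latin-1", errors="replace")
        audit = LinkAudit()
        audit.feed(html)  # tolerates the unquoted attributes used in such mail
        findings += [(cte, kind, url) for kind, url in audit.findings]
    return findings

# Constructed sample with the same shape as the message above (placeholder hosts).
SAMPLE_HTML = (
    b"<html>\r\n<a href=http://downloads.example.test/dialers/setup.exe border=0>"
    b"<img src=http://www.example.test/pic.jpg></a>\r\n<br>"
    b"<img src=http://www.example.test/cgi-bin/vote.cgi?file=test height=1 width=1>"
    b"\r\n</html>")
SAMPLE_MESSAGE = (
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b'--b1\r\nContent-Type: text/html; charset="windows-1254"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.encodebytes(SAMPLE_HTML) + b"--b1--\r\n")

if __name__ == "__main__":
    print(*audit_message(SAMPLE_MESSAGE), sep="\n")
```

A filter that pattern-matches the raw message for ".exe" sees only the base64 text; decoding the part first is what makes the link visible.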

