[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6E4E9A51D91C044F9879FD72389600F73A6E3C@new_iron.vigilantminds.com>
From: brian.dinello at vigilantminds.com (Brian Dinello)
Subject: Spam with PGP
My personal favorite is the 'message embedded in an html table' trick
where every letter in the email is in its own cell in a table like this:
<pre>
<table cellpaddig=0 cellspacing=0>
<tr>
<td>
H
</td>
<td>
e
</td>
<td>
l
</td>
<td>
l
</td>
<td>
o
</td>
</tr>
</table>
</pre>
This defeats almost every type of spam blocking app made today. Even if
html tags are stripped. When the message is rendered in an html capable
browser, it is human readable.
Very sneaky!
Brian Dinello, CISSP
Senior Security Consultant
-----Original Message-----
From: Security Administrator [mailto:security@...aru.com]
Sent: Tuesday, October 07, 2003 9:22 AM
To: Lan Guy
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Spam with PGP
I remember hearing this is another method for bypassing spam filters.
Apparently some filters will pass e-mail with PGP signatures thinking it
is legitimate. It is an interesting concept, though.
I think my favorite is still the jpgin an html enabled e-mail with
seemingly valid information and links that is actually a link to an xss
or pr0n site. Spammers are starting to use better methodologies and soon
filtering options will be almost impossible. I find it amusing to see
what they will do next, though.
-William
#########################
security@...aru.com
I'm nobody, yet..
#########################
On Tue, 7 Oct 2003, Lan Guy wrote:
> I just got this piece of Spam, with a PGP signature!
> Lan Guy
> ----- Original Message -----
> From: <mhz2H4@...cast.com>
> To: "sackMail" <>
> Sent: Tuesday, October 07, 2003 12:30 PM
> Subject: l, i didnt know you could put that up there , h l t
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: Q5
> >
> > The following is your information. This info will make you a
> > happier person. If it does not make you a happier person maybe you
> > need to get out more.
> >
> >
> > What was that thing she put up inside;
> >
> >
> > http://200.206.184.201:8040/11/cgi/spind.pl?h=fi.dat&p=1a&lah=sq3ycn
> >
> >
> >
> > 2_._._._7
> >
> > 1) Switch your email options;
> > 3) http://200.206.184.201:8040/11/r2.html
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.2 (GNU/Linux)
> >
> > owsejfoiewur9834u9u3j4ojdflsejflkiew934udfo3i
> > sfdpo32i09rediwoejdolwesdnlfklksdjfj3409jldsfdk
> > sdnok3peodkpo3kdpo3kdnlaskdnlsakdnlwkd0-9
> > sfdpo32i09redswoejdolwesdnlfklksdjfj3409jlddfdk
> > sdlnkfsdk.fv,fe
> > -----END PGP SIGNATURE-----
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists