Message-ID: <4ad862c40511131656i3389c1c3n22baaff1cc15b0d4@mail.gmail.com>
Date: Mon Nov 14 03:22:36 2005
From: peter.harvey at gmail.com (Peter Harvey)
Subject: Phishing attack. Basic encoding
I have had a number of reports of messages targeting users on domains
for their credentials.
The interesting part of this message is the very basic but effective
encoding of the message. It appears that there are a couple of
characters that instruct the mail program to display the characters in
the reverse order.
An example is attached. This appears to be random in the characters
reversed based on a number of examples forwarded. I would say this is
a simple yet effective way of bypassing signature-based filters.
They also appear to be bouncing through Google to the compromised
website for phishing credentials. I am guessing it is phishing as the
websites that I have seen were unavailable at the time.
--
Peter
--
-------------- next part --------------
???D???ae???r domain.com M???rebme???,We m???su???t ch???kce??? t???ah???t y???ruo??? domain.com ID was
regi???rets???ed by real pe???po???le. So, to he???pl??? domain.com pre???ev???nt
a???etamotu???d<BR>regi???noitarts???s, p???el???ase cl???ci???k on th???si??? li???kn??? and comp???tel???e
c???edo??? v???noitacifire??? p???or???cess:<BR><BR><A
href="http://www.google.be/url?q=http://%73%54a%6e%09%44%41r%74Z%61.C%4fm/%63%67%69-b%69n/po%63h/%72%65%64%69%72.cgi?s=domain.com">http://domain.com/CpSvwGwKq0SOIaGvclOhATTedGs7fQVgtBQS8jfgHmTEUf4pfNhzJ5ild6u43p8</A>
T???knah??? you.
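
Added example, not part of the original message: a Python sketch of how a mail filter could rebuild the displayed text before signature matching and resolve the real host behind a redirector link. It assumes the reversing characters are the Unicode overrides U+202E/U+202C (the message does not name them); the sample string, sample URL and function names are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit, parse_qs

# Assumption: the "reverse order" characters are Unicode bidi overrides.
RLO, LRO, PDF = "\u202e", "\u202d", "\u202c"
# Other invisible direction controls (embeddings, isolates, marks) and the BOM.
OTHER = set("\u202a\u202b\u2066\u2067\u2068\u2069\u200e\u200f\ufeff")

def find_controls(text):
    """Return (offset, Unicode name) for every invisible control in text."""
    return [(i, unicodedata.name(c)) for i, c in enumerate(text)
            if c in (RLO, LRO, PDF) or c in OTHER]

def as_displayed(text):
    """Rebuild what the reader sees: reverse each RLO...PDF span and drop the
    controls. Simplified for flat left-to-right text, not a full UAX #9."""
    stack, reverse = [[]], [False]   # stack[-1] collects the open span
    for c in text:
        if c in (RLO, LRO):
            stack.append([])
            reverse.append(c == RLO)
        elif c == PDF:
            if len(stack) > 1:
                span = stack.pop()
                stack[-1].extend(span[::-1] if reverse.pop() else span)
        elif c not in OTHER:
            stack[-1].append(c)
    while len(stack) > 1:            # unterminated override runs to the end
        span = stack.pop()
        stack[-1].extend(span[::-1] if reverse.pop() else span)
    return "".join(stack[0])

def redirect_target(url):
    """Host a redirector link leads to: percent-decode the q= value, then
    drop tab/CR/LF, which browsers ignore inside URLs."""
    q = parse_qs(urlsplit(url).query).get("q", [""])[0]
    return (urlsplit(re.sub(r"[\t\r\n]", "", q)).hostname or "").lower()

# Constructed samples in the shape of the attached message.
SAMPLE = ("\ufeffD\u202eae\u202cr domain.com M\u202erebme\u202c, "
          "p\u202eel\u202case cl\u202eci\u202ck")
SAMPLE_URL = ("http://redirector.example/url?q=http://p%48i%73h%09.ex%61mple"
              "/cgi-bin/r.cgi?s=domain.com")

if __name__ == "__main__":
    print(len(find_controls(SAMPLE)), "invisible controls found")
    print(as_displayed(SAMPLE))
    print(redirect_target(SAMPLE_URL))
```

Matching signatures against the output of `as_displayed` rather than the raw body, and treating any hit from `find_controls` in Latin-script mail as a signal in its own right, addresses the bypass described in the message.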