Bugtraq mailing list archives
Re: HTML email "bug", of sorts.
From: james_kelley () kindredhealthcare com
Date: Sun, 19 Aug 2001 16:05:01 -0400
I've used this in the past to track someone who was reading a co-workers e-mail to his detriment. I setup a website called SnoopAlarm.com ( which is not open for public use yet ) that would record all of the information about a person running a CGI program that issued a Content-Type: image/gif. I then sent my co-worker an e-mail with the 'image' CGI included. When the person read his mail the CGI program allowed the snooper to see an image, while the CGI sent a pager alert to the campus police where the crime was taking place. --- James Kelley (502)767-4024 1205-203 Winter Springs Court Louisville, KY 40243 I'm not sure this is the proper forum for "conspiracy-theory" bugs, but I figured this would be of interest to anyone trying to prevent the names of valid email accounts they either own or administer from being verified and added to "official" known-good spam rosters. You may have heard of "web-bugs" before. Or you may not have. For the benefit of the less-experienced, here's what they are and what they do: "Web bugs" are small, 1x1 (or similar-sized) transparent GIF images which can be used to track the movement of a user around the web. About 1 in 10 sites use them. Their effectiveness at this task is somewhat questionable, but they can be used more effectively for a different task: I've started noticing something very disturbing in the HTML in spam mails recently. I've started seeing web bugs. Below is an example from a recent email: <img src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued) 3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko () bitey net" width="1" height="1"> See it? A web bug. If I opened this mail in an HTML-capable browser, that little image would've popped up and I would've been none the wiser. My address would also have been verified by the sender, and stored in a large database of valid recipients. So, anyone have any idea of how to deal with this latest little spammer toy? Is there any effective way to filter out web bugs without adversely affecting the delivery intact of legitimate messages? Could software change to at least warn viewers that this HTML viewer is accessing offsite content? Is it worth doing? Anyone? Bueller? - A.P
Current thread:
- Re: HTML email "bug", of sorts. thomas . rowe (Aug 19)
- Re: HTML email "bug", of sorts. Thor (Aug 19)
- RE: HTML email "bug", of sorts. David LeBlanc (Aug 20)
- <Possible follow-ups>
- Re: HTML email "bug", of sorts. james_kelley (Aug 19)
- Re: HTML email "bug", of sorts. Alex Prestin (Aug 19)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re[2]: HTML email "bug", of sorts. Mark Tinberg (Aug 20)
- Re: HTML email "bug", of sorts. Peter W (Aug 21)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re: HTML email "bug", of sorts. Bear Giles (Aug 20)
- Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)
- Re: HTML email "bug", of sorts. Curt Sampson (Aug 21)
- RE: HTML email "bug", of sorts. Ben Yu (Aug 20)
- Re: HTML email "bug", of sorts. Jeffrey W. Dronenburg (Aug 21)