Bugtraq mailing list archives

Re: HTML email "bug", of sorts.

From: james_kelley () kindredhealthcare com
Date: Sun, 19 Aug 2001 16:05:01 -0400



     I've used this in the past to track someone who was reading a
co-workers e-mail to his detriment.
I setup a website called SnoopAlarm.com ( which is not open for public use
yet ) that would record all
of the information about a person running a CGI program that issued a
Content-Type: image/gif.  I then
sent my co-worker an e-mail with the 'image' CGI included.  When the person
read his mail the CGI
program allowed the snooper to see an image, while the CGI sent a pager
alert to the campus police
where the crime was taking place.

---
James Kelley
(502)767-4024
1205-203 Winter Springs Court
Louisville, KY 40243





I'm not sure this is the proper forum for "conspiracy-theory" bugs, but I
figured this would be of interest to anyone trying to prevent the names of
valid email accounts they either own or administer from being verified and
added to "official" known-good spam rosters.

You may have heard of "web-bugs" before.  Or you may not have.  For the
benefit of the less-experienced, here's what they are and what they do:

"Web bugs" are small, 1x1 (or similar-sized) transparent GIF images which
can be used to track the movement of a user around the web.  About 1 in 10
sites use them.  Their effectiveness at this task is somewhat
questionable, but they can be used more effectively for a different task:

I've started noticing something very disturbing in the HTML in spam mails
recently.  I've started seeing web bugs.  Below is an example from a
recent email:

<img
src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko () bitey net" width="1" height="1">

See it?  A web bug.  If I opened this mail in an HTML-capable browser,
that little image would've popped up and I would've been none the
wiser.  My address would also have been verified by the sender, and stored
in a large database of valid recipients.

So, anyone have any idea of how to deal with this latest little spammer
toy?  Is there any effective way to filter out web bugs without adversely
affecting the delivery intact of legitimate messages?  Could software
change to at least warn viewers that this HTML viewer is accessing offsite
content?  Is it worth doing?

Anyone?  Bueller?

- A.P

Current thread:

Re: HTML email "bug", of sorts. thomas . rowe (Aug 19)
- Re: HTML email "bug", of sorts. Thor (Aug 19)
- RE: HTML email "bug", of sorts. David LeBlanc (Aug 20)
- <Possible follow-ups>
- Re: HTML email "bug", of sorts. james_kelley (Aug 19)
- Re: HTML email "bug", of sorts. Alex Prestin (Aug 19)
  - Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
    - Re[2]: HTML email "bug", of sorts. Mark Tinberg (Aug 20)
    - Re: HTML email "bug", of sorts. Peter W (Aug 21)
  - Re: HTML email "bug", of sorts. Bear Giles (Aug 20)
    - Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)
    - Re: HTML email "bug", of sorts. Curt Sampson (Aug 21)
- RE: HTML email "bug", of sorts. Ben Yu (Aug 20)
- Re: HTML email "bug", of sorts. Jeffrey W. Dronenburg (Aug 21)