Re: A phish I don't understand.

[Valdis.Kletnieks () vt edu]

On Wed, 09 Aug 2006 17:40:10 BST, Drsolly said:

> Yes, but what I'm wondering is, how can it work? If you type in the 
> address in the PNG, you get to the genuine site. Don't you?

If I had a nickel for every time I got a phish that had MIME so badly
mangled I had to attack it with a can opener to verify it was a phish,
I'd have enough for a nice trip around the world...

Actual crap I've seen:

Content-type: text/plain; Content-Transfer-Encoding8bit=

Content-Type: multipart/related;
        type="multipart/alternative";
        boundary="----=_NextPart_000_000E_01C6AAC5.934E01C0"

And I don't know *how* many times I've seen crap like:

Content-transfer-Encoding=quoted-printable

R0lGODdhCwAeAcYAAM/PzolNW2AAF5FbZ2wWK2UJH5BaZ8jKxFqBLkVzEVqBLYWeaM7OzE55HbrB
sV6ENLa/rGyNR6i1msjKxXqWWZirg4yicoaeasfKw055Hpapf36ZX4yicWmLQ6KxkG+PS8bJwUx4

or

Content-Transfer-Encoding=base64

flow rearrangement, skepticism that sensation a kinfolk of conservator =
guarantor an eerie zigzag, obese roulette, and ethnic, the proven, =
indiscriminate the opportunistic of by carat... companion heist PIN the =
shrink-wrap, of sabotage, the blender tricky and... regal qualification, =

(No, neither borked C-T-E works very well.. :)

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.