Security Incidents mailing list archives
RE: Strange hidden messages in email
From: brett () benders net
Date: Fri, 26 Apr 2002 12:37:46 -0500
Usually they are a very generic advertisement but if you view the source of the message they have hidden messages in them. The first one had "Mary had a little lamb" hidden all throughout the message, but others have different messages hidden in the source.
This looks like a technique to confound a couple of strategies for identifying spam. Suppose you are searching a message body for certain keywords ("mortgage") to determine if it is spam. Breaking up those keywords with HTML comments will defeat a string match, while still displaying the keyword to the email's recipient (assuming they use an email client that displays HTML).
Now, suppose you check a message against digests or signatures calculated from previously seen spam (e.g. using Vipul's Razor). The spammer can write a single email, then modify each sent copy with randomized/different comment strings (this also applies to emails with random alphanumeric strings appended to an otherwise normal subject line). The email's various recipients will each see the same message -- but they will calculate completely different signatures.
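
A filter-side counter to both effects described in the reply above is to reduce the HTML body to the text a recipient actually sees before matching keywords or computing a digest. The following is an added example, not part of the original post: the two message bodies are constructed samples, the function names are hypothetical, and SHA-256 stands in for a spam digest (it is not the algorithm Vipul's Razor uses).

```python
import hashlib
import re
from html.parser import HTMLParser


class _VisibleText(HTMLParser):
    """Collect only text nodes; HTMLParser's default handler discards comments."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def visible_text(html_body):
    """Return the rendered text of an HTML body, lowercased, whitespace collapsed."""
    parser = _VisibleText()
    parser.feed(html_body)
    parser.close()
    # Joining without a separator rejoins words split by comments:
    # "mort<!-- x -->gage" becomes "mortgage".
    return re.sub(r"\s+", " ", "".join(parser.parts)).strip().lower()


def digest(text):
    """Stand-in content digest (assumption: SHA-256 over UTF-8 text)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def analyze(html_body, keywords):
    """Compare what a naive filter sees with what a normalizing filter sees."""
    text = visible_text(html_body)
    return {
        "raw_hits": [k for k in keywords if k in html_body.lower()],
        "normalized_hits": [k for k in keywords if k in text],
        "raw_digest": digest(html_body),
        "normalized_digest": digest(text),
    }


# Constructed samples: one advertisement, two copies with different hidden comments.
COPY_A = "<html><body><p>Low mort<!-- Mary had -->gage ra<!-- a little lamb -->tes today</p></body></html>"
COPY_B = "<html><body><p>Low mort<!-- its fleece -->gage ra<!-- was white as snow -->tes today</p></body></html>"

if __name__ == "__main__":
    for name, body in (("A", COPY_A), ("B", COPY_B)):
        r = analyze(body, ["mortgage"])
        print(name, r["raw_hits"], r["normalized_hits"], r["normalized_digest"][:16])
```
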