Full Disclosure mailing list archives
Interesting email trick
From: nexus () patrol i-way co uk (Nexus)
Date: Sun, 22 Sep 2002 18:21:57 +0100
Hi folks, I'm used to the normal javascript, IFRAME launcher and webbug type rubbish in spam/virus emails, but I recently received a variation on the trick, using a MIME encoded URL to an exe - not seen one of these before and wondered if anyone else has. Needless to say it failed ;-) Full email is below (headers intact in the spirit of full disclosure and reader feedback) but the HTML tags are changed so that any gentle souls that have HTML email don't get panicked. Nice little 'ol me eh ? ;-) Apologies if this is old hat as it's the standard porn related dialler scam. Cheers. Received: from mmx (abn195-23.izmir-ports.kablonet.net.tr [195.174.195.23]) by i-way.co.uk (8.9.3/8.9.3) with SMTP id RAA16671 for <nexus () patrol i-way co uk>; Sun, 22 Sep 2002 17:00:13 +0100 Message-Id: <200209221600.RAA16671 () i-way co uk> From: "coderip" <coderip () hotmail com> To: "nexus" <nexus () patrol i-way co uk> Subject: Petek Dinçöz Date: Sun, 22 Sep 02 18:48:11 GTB Standart Saati MIME-Version: 1.0 Content-Type: multipart/mixed;boundary= "----=_NextPart_000_0011_4656D047.3C13EA3F" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 X-UIDL: ?DM"!I<`"!eQl!!A,H!! ------=_NextPart_000_0011_4656D047.3C13EA3F Content-Type: text/html; charset= "windows-1254" Content-Transfer-Encoding: base64 PGh0bWw+DQo8dGl0bGU+UGV0ZWsgRGlu5/Z6PC90aXRsZT4NCjxjZW50ZXI+DQo8YSBocmVm PWh0dHA6Ly82NC4yMzkuNDQuMjAvZGlhbGVycy8xMDA1L2Jpemlta2l6bGFyLmV4ZSBib3Jk ZXI9MD48aW1nIHNyYz1odHRwOi8vd3d3Lmt1ZHVyZHVtLmNvbS9wZXRlay5qcGc+PC9hPg0K PGJyPjxpbWcgc3JjPWh0dHA6Ly93d3cua3VkdXJkdW0uY29tL2NnaS1iaW4vdm90ZS5jZ2k/ ZmlsZT10ZXN0IGhlaWdodD0xIHdpZHRoPTE+DQo8L2NlbnRlcj4NCjwvaHRtbD4gICAg ------=_NextPart_000_0011_4656D047.3C13EA3F-- To save you the few seconds needed to decode that block, it is: [html] [title]Petek Dint÷z[/title] [center] [a href=http://64.239.44.20/dialers/1005/bizimkizlar.exe border=0][img src=http: //www.kudurdum.com/petek.jpg][/a] [br][img src=http://www.kudurdum.com/cgi-bin/vote.cgi?file=test height=1 width=1 ] [/center] [/html]
Current thread:
- Interesting email trick Nexus (Sep 22)