Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SPAM with a PGP signature?

From: Valdis.Kletnieks () vt edu
Date: Mon, 21 Jul 2003 16:03:45 -0400
On Mon, 21 Jul 2003 13:54:11 EDT, KF <dotslash () snosoft com>  said:

Has anyone noticed alot of spam coming in recently with pgp sigs 
attached? What would be the benefit of doing that?


Bypassing spam filters that think that anything that's got a 'BEGIN PGP SIGNATURE'
line is non-spam.  Note that most filters just do a regexp and don't bother
checking if it's a *valid* signature...


<font color=3D"#FFFFFF">
-----BEGIN PGP SIGNATURE-----
version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs
wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu
xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd
cjdi57fh43ks9cm78h4t
-----END PGP SIGNATURE-----
</font>


For bonus points, note the lack of a '--- BEGIN PGP SIGNED MESSAGE',
or other indication of exactly what data is covered by the signature.  Our
spammer is certainly not following RFC3156 ;)

Oh, and it doesn't even look like a valid signature:

% gpg  --list-packets foo.sig
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: invalid radix64 character 2d skipped
gpg: onepass_sig with unknown version 56
gpg: no valid OpenPGP data found.

If anybody is surprised by *that*, they've probably just fallen out
of a tree.... ;)

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: