Full Disclosure mailing list archives
Re: SPAM with a PGP signature?
From: Valdis.Kletnieks () vt edu
Date: Mon, 21 Jul 2003 16:03:45 -0400
On Mon, 21 Jul 2003 13:54:11 EDT, KF <dotslash () snosoft com> said:
Has anyone noticed alot of spam coming in recently with pgp sigs attached? What would be the benefit of doing that?
Bypassing spam filters that think that anything that's got a 'BEGIN PGP SIGNATURE' line is non-spam. Note that most filters just do a regexp and don't bother checking if it's a *valid* signature...
<font color=3D"#FFFFFF"> -----BEGIN PGP SIGNATURE----- version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com> ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd cjdi57fh43ks9cm78h4t -----END PGP SIGNATURE----- </font>
For bonus points, note the lack of a '--- BEGIN PGP SIGNED MESSAGE', or other indication of exactly what data is covered by the signature. Our spammer is certainly not following RFC3156 ;) Oh, and it doesn't even look like a valid signature: % gpg --list-packets foo.sig gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: onepass_sig with unknown version 56 gpg: no valid OpenPGP data found. If anybody is surprised by *that*, they've probably just fallen out of a tree.... ;)
Attachment:
_bin
Description:
Current thread:
- Re: SPAM with a PGP signature?, (continued)
- Re: SPAM with a PGP signature? Florian Huber (Jul 21)
- Re: SPAM with a PGP signature? tcpdumb (Jul 21)
- Re: SPAM with a PGP signature? martin f krafft (Jul 21)
- Re: Re: SPAM with a PGP signature? Jedi/Sector One (Jul 21)
- Re: Re: SPAM with a PGP signature? Justin Mason (Jul 21)
- Re: Re: SPAM with a PGP signature? Jedi/Sector One (Jul 21)
- Re: SPAM with a PGP signature? Brian Hatch (Jul 21)
- Re: SPAM with a PGP signature? security snot (Jul 21)
- Re: SPAM with a PGP signature? Kresten Kjeldgaard (Jul 21)
- Re: SPAM with a PGP signature? Linus Sjöberg (Jul 21)
- Re: SPAM with a PGP signature? KF (Jul 21)
- Re: SPAM with a PGP signature? Valdis . Kletnieks (Jul 21)
- RE: SPAM with a PGP signature? Joshua Thomas (Jul 21)
- Re: SPAM with a PGP signature? Linus Sjöberg (Jul 21)
- RE: SPAM with a PGP signature? Schmehl, Paul L (Jul 21)
- Re: SPAM with a PGP signature? Florian Huber (Jul 21)