Full Disclosure mailing list archives
RE: Spam with PGP
From: "Brian Dinello" <brian.dinello () vigilantminds com>
Date: Tue, 7 Oct 2003 11:24:36 -0400
My personal favorite is the 'message embedded in an html table' trick where every letter in the email is in its own cell in a table like this:

<pre>
<table cellpadding=0 cellspacing=0>
<tr>
<td> H </td>
<td> e </td>
<td> l </td>
<td> l </td>
<td> o </td>
</tr>
</table>
</pre>

This defeats almost every type of spam blocking app made today. Even if html tags are stripped. When the message is rendered in an html capable browser, it is human readable. Very sneaky!

Brian Dinello, CISSP
Senior Security Consultant

-----Original Message-----
From: Security Administrator [mailto:security () saharu com]
Sent: Tuesday, October 07, 2003 9:22 AM
To: Lan Guy
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Spam with PGP

I remember hearing this is another method for bypassing spam filters. Apparently some filters will pass e-mail with PGP signatures thinking it is legitimate. It is an interesting concept, though. I think my favorite is still the jpg in an html enabled e-mail with seemingly valid information and links that is actually a link to an xss or pr0n site. Spammers are starting to use better methodologies and soon filtering options will be almost impossible. I find it amusing to see what they will do next, though.

-William

#########################
security () saharu com
I'm nobody, yet..
#########################

On Tue, 7 Oct 2003, Lan Guy wrote:
I just got this piece of Spam, with a PGP signature!

Lan Guy

----- Original Message -----
From: <mhz2H4 () comcast com>
To: "sackMail" <>
Sent: Tuesday, October 07, 2003 12:30 PM
Subject: l, i didnt know you could put that up there , h l t

-----BEGIN PGP SIGNED MESSAGE-----
Hash: Q5

The following is your information. This info will make you a happier person. If it does not make you a happier person maybe you need to get out more.
What was that thing she put up inside;
http://200.206.184.201:8040/11/cgi/spind.pl?h=fi.dat&p=1a&lah=sq3ycn
2_._._._7
1) Switch your email options;
3) http://200.206.184.201:8040/11/r2.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)

owsejfoiewur9834u9u3j4ojdflsejflkiew934udfo3i
sfdpo32i09rediwoejdolwesdnlfklksdjfj3409jldsfdk
sdnok3peodkpo3kdpo3kdnlaskdnlsakdnlwkd0-9
sfdpo32i09redswoejdolwesdnlfklksdjfj3409jlddfdk
sdlnkfsdk.fv,fe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
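A filter-side view of the table trick described in the first message, as an added example that is not part of the original thread: it contrasts naive tag stripping with joining cell text per row, and flags tables made up mostly of one-character cells. The function names, the 0.8 ratio and the 4-cell minimum are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

class CellText(HTMLParser):
    """Collect the text of each <td>/<th> cell, grouped by table row."""
    def __init__(self):
        super().__init__()
        self.rows = []      # list of rows, each a list of cell strings
        self._cell = None   # text pieces of the cell currently open

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th"):
            if not self.rows:
                self.rows.append([])   # cell without an enclosing <tr>
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self.rows[-1].append("".join(self._cell).strip())
            self._cell = None

    def handle_data(self, data):
        if self._cell is not None:     # ignore whitespace between cells
            self._cell.append(data)

def naive_strip(html):
    """What a tag-stripping filter sees: tags deleted, nothing else changed."""
    return re.sub(r"<[^>]+>", "", html)

def analyse(html, min_cells=4, threshold=0.8):
    """Return (rendered_text, single_char_ratio, suspicious)."""
    parser = CellText()
    parser.feed(html)
    parser.close()
    cells = [c for row in parser.rows for c in row if c]
    ratio = sum(len(c) == 1 for c in cells) / len(cells) if cells else 0.0
    # Adjacent cells read as one word; an empty cell stands in for a space.
    rendered = "\n".join("".join(c or " " for c in row) for row in parser.rows)
    return rendered, ratio, len(cells) >= min_cells and ratio >= threshold

# Modelled on the table quoted in the message.
SAMPLE = ("<table cellpadding=0 cellspacing=0> <tr> <td> H </td> <td> e </td> "
          "<td> l </td> <td> l </td> <td> o </td> </tr> </table>")
# Constructed benign table for comparison.
BENIGN = ("<table><tr><td>Invoice</td><td>Amount</td></tr>"
          "<tr><td>1042</td><td>19.99</td></tr></table>")
```

Keyword rules can then be run against the `rendered` string rather than the tag-stripped body, and the `suspicious` flag can feed a score instead of acting as a hard block.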