Full Disclosure mailing list archives

RE: Spam with PGP


From: "Brian Dinello" <brian.dinello () vigilantminds com>
Date: Tue, 7 Oct 2003 11:24:36 -0400

My personal favorite is the 'message embedded in an html table' trick
where every letter in the email is in its own cell in a table like this:

<pre>
<table cellpadding=0 cellspacing=0>
<tr>
<td>
H
</td>
<td>
e
</td>
<td>
l
</td>
<td>
l
</td>
<td>
o
</td>
</tr>
</table>
</pre>

This defeats almost every type of spam blocking app made today, even if
html tags are stripped.  When the message is rendered in an html capable
browser, it is human readable.

Very sneaky!  

Brian Dinello, CISSP
Senior Security Consultant




-----Original Message-----
From: Security Administrator [mailto:security () saharu com] 
Sent: Tuesday, October 07, 2003 9:22 AM
To: Lan Guy
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Spam with PGP



 I remember hearing this is another method for bypassing spam filters.
Apparently some filters will pass e-mail with PGP signatures thinking it
is legitimate. It is an interesting concept, though.

 I think my favorite is still the jpg in an html enabled e-mail with
seemingly valid information and links that is actually a link to an xss
or pr0n site. Spammers are starting to use better methodologies and soon
filtering options will be almost impossible. I find it amusing to see
what they will do next, though.

-William

#########################
  security () saharu com
   I'm nobody, yet..
#########################

On Tue, 7 Oct 2003, Lan Guy wrote:

I just got this piece of Spam, with a PGP signature!
Lan Guy
----- Original Message -----
From: <mhz2H4 () comcast com>
To: "sackMail" <>
Sent: Tuesday, October 07, 2003 12:30 PM
Subject: l, i didnt know you could put that up there , h l t


-----BEGIN PGP SIGNED MESSAGE-----
 Hash: Q5

 The following is your information.  This info will make you a 
happier  person. If it does not make you a happier person maybe you 
need  to get out more.


What was that thing she put up inside;

  
http://200.206.184.201:8040/11/cgi/spind.pl?h=fi.dat&p=1a&lah=sq3ycn



2_._._._7

1) Switch your email options;
3)  http://200.206.184.201:8040/11/r2.html



-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.2 (GNU/Linux)

owsejfoiewur9834u9u3j4ojdflsejflkiew934udfo3i
sfdpo32i09rediwoejdolwesdnlfklksdjfj3409jldsfdk
sdnok3peodkpo3kdpo3kdnlaskdnlsakdnlwkd0-9
sfdpo32i09redswoejdolwesdnlfklksdjfj3409jlddfdk
sdlnkfsdk.fv,fe
 -----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
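
The one-letter-per-cell table described at the top of this message can be normalized before content filtering. The sketch below is an added example, not code from the original posts; the function names are hypothetical, and it assumes a filter that matches keywords against extracted text. It rejoins single-character cells row by row and reports the share of one-character cells as a scoring signal.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the one-letter-per-cell table from the message above.
SAMPLE = "<table cellpadding=0 cellspacing=0>\n<tr>\n" + "".join(
    f"<td>\n{ch}\n</td>\n" for ch in "Hello") + "</tr>\n</table>"

class CellCollector(HTMLParser):
    """Collect the text of every <td>/<th>, grouped by table row."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows, self._cell = [], None

    def _flush(self):
        if self._cell is not None:
            self.rows[-1].append("".join(self._cell).strip())
            self._cell = None

    def handle_starttag(self, tag, attrs):
        if tag in ("tr", "td", "th"):
            self._flush()                      # tolerate unclosed cells
            if tag == "tr" or not self.rows:
                self.rows.append([])
            if tag != "tr":
                self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th", "tr", "table"):
            self._flush()

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

def table_rows(html):
    parser = CellCollector()
    parser.feed(html)
    parser.close()
    parser._flush()
    return [row for row in parser.rows if row]

def naive_strip(html):
    """What a filter sees if it only deletes tags: letters stay separated."""
    return re.sub(r"<[^>]+>", "", html)

def rendered_text(html):
    """Join one-character cells within a row, as the rendered table reads."""
    return "\n".join(
        "".join(c or " " for c in row) if all(len(c) <= 1 for c in row)
        else " ".join(row) for row in table_rows(html))

def single_char_cell_ratio(html):
    """Share of cells holding exactly one character (assumed scoring signal)."""
    cells = [c for row in table_rows(html) for c in row]
    return sum(len(c) == 1 for c in cells) / len(cells) if cells else 0.0
```

Keyword rules would then run against `rendered_text()` output rather than the tag-stripped body, with `single_char_cell_ratio()` feeding the message score.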

