Security Incidents mailing list archives
Strange hidden messages in email
From: "Jim Cockerham" <jcockerham () acsjava com>
Date: Fri, 26 Apr 2002 12:38:39 -0400
Hello, I have been receiving strange emails for a few weeks from a domain in Korea. The return addresses are always fake msn or yahoo accounts but if I view the source they always come from a domain in Korea. Usually they are a very generic advertisement but if you view the source of the message they have hidden messages in them. The first one had "Mary had a little lamb" hidden all throughout the message, but others have different messages hidden in the source. They are usually addressed to my email account with several other CC: addresses . I don't know if there is any reason for concern . Below is a copy of the source from one of the messages , The actual message viewable in Outlook express was just a simple link................. Return-Path: <PayLessforyuourhome () msn com> Received: from dns.email.totovil.co.kr ([211.173.193.121]) by scooby1.korksoft.com (8.11.0/8.11.3) with SMTP id g3PIS0S10742 for <jcockerham () acsjava com>; Thu, 25 Apr 2002 14:28:01 -0400 Received: from smtp0251.mail.yahoo.com (unverified [66.176.28.129]) by dns.email.totovil.co.kr (EMWAC SMTPRS 0.83) with SMTP id <B0001382219 () dns email totovil co kr>; Fri, 26 Apr 2002 03:11:06 +0900 Message-ID: <B0001382219 () dns email totovil co kr> Reply-To: PayLessforyuourhome () msn com From: PayLessforyuourhome311000 () msn com To: jcockerham () acsjava com CC: homken () aol com, donbrock () att net, isaac0013 () hotmail com Subject: refinance - no credit checks 3110000000000000000 Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sat, 16 Feb 2002 09:55:05 -0800 Status: <html> <body> <a href="http://63.172.198.109/cgi-bin/best_rate_virtual.cgi?code=btmo6"> <b> Cl<!--how are you-->ick Here To F<!--tell dad hi-->ind The Be<!--ok here-->st D<!--love-->eal On Yo<!--home-->ur Ne<!--june-->xt Mo<!-wedding party-->rtgage</b></a><br> </font></p> </body> <font color="ffffff"> </html> 3110000000000000000 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange hidden messages in email Jim Cockerham (Apr 26)
- Re: Strange hidden messages in email Matt Beland (Apr 26)
- Re: Strange hidden messages in email Michal Zalewski (Apr 26)
- <Possible follow-ups>
- RE: Strange hidden messages in email brett (Apr 26)