Security Incidents mailing list archives

Strange hidden messages in email

From: "Jim Cockerham" <jcockerham () acsjava com>
Date: Fri, 26 Apr 2002 12:38:39 -0400

Hello,
I have been receiving strange emails for a few weeks from a domain in
Korea. The return addresses are always fake msn or yahoo accounts but if
I view the source they always come from a domain in Korea. Usually they
are a very generic advertisement but if you view the source of the
message they have hidden messages in them. The first one had "Mary had a
little lamb" hidden all throughout the message, but others have different
messages hidden in the source. They are usually addressed to my email
account with several other CC: addresses . I don't know if there is any
reason for concern . Below is a copy of the source from one of the messages
, The actual message viewable in Outlook express was just a simple
link.................


Return-Path: <PayLessforyuourhome () msn com>
Received: from dns.email.totovil.co.kr ([211.173.193.121])
 by scooby1.korksoft.com (8.11.0/8.11.3) with SMTP id g3PIS0S10742
 for <jcockerham () acsjava com>; Thu, 25 Apr 2002 14:28:01 -0400
Received: from smtp0251.mail.yahoo.com (unverified [66.176.28.129]) by
dns.email.totovil.co.kr
 (EMWAC SMTPRS 0.83) with SMTP id <B0001382219 () dns email totovil co kr>;
 Fri, 26 Apr 2002 03:11:06 +0900
Message-ID: <B0001382219 () dns email totovil co kr>
Reply-To: PayLessforyuourhome () msn com
From: PayLessforyuourhome311000 () msn com
To: jcockerham () acsjava com
CC: homken () aol com, donbrock () att net, isaac0013 () hotmail com
Subject: refinance - no credit checks 3110000000000000000
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Sat, 16 Feb 2002 09:55:05 -0800
Status:

<html>

<body>



<a href="http://63.172.198.109/cgi-bin/best_rate_virtual.cgi?code=btmo6";>
<b>
Cl<!--how are you-->ick Here To F<!--tell dad hi-->ind The Be<!--ok
here-->st D<!--love-->eal On Yo<!--home-->ur Ne<!--june-->xt Mo<!-wedding
party-->rtgage</b></a><br>
</font></p>

</body>
<font color="ffffff">
</html>
3110000000000000000


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Strange hidden messages in email Jim Cockerham (Apr 26)
- Re: Strange hidden messages in email Matt Beland (Apr 26)
- Re: Strange hidden messages in email Michal Zalewski (Apr 26)
- <Possible follow-ups>
- RE: Strange hidden messages in email brett (Apr 26)