Security Incidents mailing list archives
Re: A new technique to disguise a target URL in spam
From: "E.Kellinis" <me () cipher org uk>
Date: Mon, 5 Apr 2004 17:00:12 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This kind of filtering can probably apply to almost all fake emails we all receive from time to time. The techniques spammers rely use the following methods to fake their identity : A Variation on Dotted-Decimal IPs Octal IP address Not Dotless, But Less Dots Octal IP Addresses The password field some times is used http://www.sun.com () www cipher org uk Look at : http://www.pc-help.org/obscure.htm and Javascript on urls can be suspicious sinice it is mostly used on scam emails exploiting cross site-scripting in different websites. In This link http://www=2emcafee=2ecom/ the Hex translated wrongly so instead of %2E , =2E came out Hex value %2E is the dot '.' A filter containing all that can probably cut off big amount of spam Manos ========================================================= *PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt ========================================================= -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBQHGCiU5R4JfncDA4EQKq1wCeKw4CkGgW3ZXBVSpU5AuL4xWrJtUAoMrj leeqNsqYj7uryotQsusvTNIR =CnFa -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040301 ----------------------------------------------------------------------------
Current thread:
- A new technique to disguise a target URL in spam DCISS (Apr 05)
- Re: A new technique to disguise a target URL in spam Jeremiah Cornelius (Apr 05)
- Re: A new technique to disguise a target URL in spam Stef (Apr 05)
- Re: A new technique to disguise a target URL in spam Valdis . Kletnieks (Apr 05)
- Re: A new technique to disguise a target URL in spam Jeremiah Cornelius (Apr 06)
- Re: A new technique to disguise a target URL in spam Stef (Apr 05)
- <Possible follow-ups>
- RE: A new technique to disguise a target URL in spam Mason, Seth IFC (Apr 05)
- Re: A new technique to disguise a target URL in spam E.Kellinis (Apr 05)
- RE: A new technique to disguise a target URL in spam Yao, Tongtong (HP NewZealand) (Apr 05)
- Re: A new technique to disguise a target URL in spam http-equiv () excite com (Apr 08)
- Re: A new technique to disguise a target URL in spam Jeremiah Cornelius (Apr 05)