Say what?!

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Say what?!

    For giggles, I turn off html on my email. I always like to see who's spoofing who when I receive emails. I've recently received a couple of weird ones:

    PHP Code:
    From: "Schmuck" <schmuck.spammer@spammers.suck.com>
    To: msmittens@msmittens.com
    Subject: .*^d_o-nt be shy.. ta^ke a look    szswxkbhngzyyc
    Date: Tue, 16 Dec 2003 21:58:43 +0000
    MIME-Version: 1.0
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1158
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    Status:
    X-Status: N
    X-KMail-EncryptionState:
    X-KMail-SignatureState:

    <html>
    <body>
    <center>
    <font face="verdana" size="+3">T<kstcppsdgfm>he on<kkzcpxkbwvlqsvd>ly sol<kczyyakbopj>utio<kweoyzvdpgsjcec>n t<krdejcacxsaqbn>o P<krjeuugbvqdwdgb>en<kyslskfrlwpv>is E<kerfjgdavrpmvbo>nl<kegwndbzgqgn>arge<kuqirgabltsh>ment</font> <br><font color="white">qxhpordolsdrnd dzwvyscvcxmra</font><br>
    <font size="+2" face="arial"><b><font color="#F30101">O<kcyphvycogbrv>N<klcnlsrddizmo>LY THI<kkyykbvdkvqyrq>S WE<kxkridtcfhgxzrf>EK:</font></b>A<kuilumkvrjjfrdp>dd a<kmtxepgdhabrrlb>t lea<kdcpbvybciew>st 3 IN<kqdfyqeddko>C<kbfioypcmbl>HES o<kjbocfxcgvuyp>r g<kwzdwpncnzp>et yo<kfzrjbecloq>ur m<khkzfqgbtlbvuu>on<kzgbltxdjoafzcm>ey ba<krwnlzuqbqnd>c<kcavhjduimya>k! <br><font color="white">xtydjpioydcwdt jcmjjodtgjgo</font><br>
    <table width="600">
    <tr>
    <td>
    <font face="arial">
    W<knrvojkblgsue>e ar<kgdpyqldgbel>e s<kbcpuwobimg>o s<kudlxygbqnjd>ur<kegznkcbytei>e ou<kinpfabbsmg>r pr<kruopgxdlvjry>odu<khsytkvdgtbcio>ct wo<kwsfnjkdqjxjzh>rks w<knhbexvcjhknrp>e ar<kdpzuwisudrhibq>e wil<kzmypeezadxmld>li<ktuvhmucjarg>ng to pr<kbionafevghjjd>ove i<kmthnhhcwvfwshb>t by o<khrpgbqdfkgr>ffe<kwwrxqzdlto>ri<kmncaixceftj>ng a
    <b>f<kltggtccndibr>ree tr<kjyrvsxdjsgz>ia<kofntefbbhbjowc>l bot<krhwotschty>tl<kjbcnhoctthwjb>e</b> + a
    <kthmtjjdmcdixvc>1<kkeqpnpbguqtx>00<kbnxmoccsjaffn>% <b>mo<kvdheuwdred>ney ba<kkvloaycgblbtqv>ck g<kjxjrqycdwjrvhc>uar<kmxsrkjbudxu>ante<kppuhtbcrvsj>e</b>
    up<kcqwenkdlgwid>on pu<khumqufdwvaarj>rc<kcgfxhsdwqrw>ha<kaboduwdjdnq>se i<ktluzjfmkaoyhb>f yo<ksmuorwqtdhlt>u a<kqwsfqcdbbkkarb>re n<kqaemqsyrltuwc>ot sat<kvdwvqtcpzl>isfi<kxomhzzndnh>ed wit<kpcsrewsxovl>h th<knnwxqdbeixfpsx>e re<khvmkhkdyfmqgt>su<kgiozzgbfsyilc>lt<kqkgkezckzn>s. </td>
    </tr>
    </table>
    <p><font face="verdana" size="+2"><b>-<ktuchmcxikmtob>-<kmricemvqlf>-<kzvoxlydmzjfjeb>><kjutskrcmvsaicc></b> <A href="http://fdgzkucgmap@controlz.us/vp/?m9n8b7v6">C<kvpppuvblrbk>li<kmqtvogbeay>ck H<kfngbyndqfa>e<khfyvfjhosjgf>r<kfztxaybmuxkon>e T<khsapikbxlw>o Lea<koclmtbbkhfda>rn M<kjdshixdozm>or<kmrnrlpcwmrmba>e</a> <b><-<kkxzhcedztlmclc>--<kslfsnpcnrii></b></font> <br><font color="white">giboticvmvs lopzeoceygon</font><br>
    <table width="600">
    <tr>
    <td>
    <font face="arial">
    T<keztofidaqw>he<kaclncjuxmis>re ar<kvrpwqydxiyir>e al<kwkrvlfwehzebdc>so pe<kxyqkvqdjpt>n<kbqkkgfdzyqyofb>is pa<kpbfxbvbhajohl>tch<kafnnmpczqug>es a<kbnlipgbvuhvqp>vai<kqcgaewblgdmqp>lab<kfplyktutes>le.
    Si<kgogqlxdihfvd>mp<kafyvqbdbavunj>ly sl<kaozktucmlbehn>ap th<kvmxrwydepe>em o<kvuolbbbthwmxi>n l<kkmtbeaogwppzsa>ik<kxhedhvdoea>e ni<ktmklahloyj>co<kuplcwocqxocmk>tin<kctqugbgdnub>e p<kwiyzedjbvzuu>at<kjbimqudpcq>che<keyjasicsjm>s, <kpbysdpcwvxo>Ju<kdnkkgvrypl>st l<kyewokbwmfmeu>ik<kbrgquqcoyqcz>e th<kfgzbaadbkjgi>e p<kjbkhzudbarljuc>en<kfkkojsbtseuz>i<kksvtcscdkdyoi>s e<kyclitjdnbaqm>nl<kbxwovjbevh>ar<kdjbdbpcjfsuk>gem<kljnyfkbqhkk>ent p<kwhyudbfmsvtn>i<kmowppfzheg>ll<ksuntlocctyz>s th<kuokzmnsvqi>er<kupiptwdlqwzo>e i<ktqhecrdlyn>s al<kldttdqcdyufjbb>s<kfwehavbdrm>o a <b>f<ksvlxawnjzvhvd>r<kxzrccgdfdrpai>ee tr<kojoyiqdytq>ial mon<kdumixgbdwlb>th</b> + <kwyidrpdrqclumz>a 10<kfsjopyclcfekdr>0<kykcfwzcykplo>% <b>mo<khvholkdaojo>ney b<knrcazybnja>ac<kahmqykchjbio>k g<kajhkegjkk aj>ua<kwstevidnqgkox>ran<kvvbytndrht>te<kjwbrpycrvmk>e</b>
    u<kacokgqdefjckyc>p<kmwujjwuzesbm>o<kuusbtydrnvalo>n p<koxcvbdludzlddg>urc<kopforndtgwgjkl>has<kygqiumdbemyuf>e i<kfvzdvexfqwpo>f y<kxdfqpccuvrci>o<kgboivigxmg>u a<kuabxloclmjkftd>re no<kdceyehdqyz>t sa<kspcifxtqvfoyda>ti<knrbbkobnafhnec>sfi<knwqoyfcstwr>ed w<kfcmxqxbbihjc>ith th<kzqfzeqctlhra>e re<kqnfyrqdrrisezc>s<kxgwpiscxvqyesd>ult<kingbtubwtehcmc>s. </td>
    </tr>
    </table>
    <p><font face="verdana" size="+2"><b>-<kslwlaecrhsdrg>-<kymkocpchkbq>-<ksuzrebucntusbz>></b> <A href="http://epeqhfdgneeyur@controlz.us/patch/?m9n8b7v6">Le<ktqamppdsolo>ar<kijvhkzdvqh>n abo<kmxcrrhbxuvixd>ut t<kiidaifcoxay>his ex<kkxgzgtcqxm>citi<koibxhocjaaaenc>ng ne<kltyywjbrbexx>w p<kypcwgybuagc>rod<korzvukbwqbefb>u<kslexvzbmxz>ct<kifdjxpdrbru>!</a> <b><<kwqdxefcpxd>-<kqdtmucbhxikvf>-<klgwxdiblufeun>-</b></font> <br><font color="white">afwxbcdrtn daxnppcfsv</font><br>
    <br><font color="white">hnscybbumggphb wbvqytblpiarle</font><br><p>
    <br><font color="white">khwvgpckwfsgh uhsoxlcyxkvqe</font><br>
    <font size="-2"><a href="http://sefppxbilfjoh@controlz.us/patch/o.html">N<kupxflflorg>o mo<kilivyzdlpwyh>re of<kpnbeltcnqk>fe<kbkjvvlcdacdjq>rs</a></font>
    </html>

    ------------------------------------------------------- 
    Anyone seen anything like this? I'm guessing it's new attempts to by-pass spam filters (look carefully -- it might be an "enlarging" experience)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ms. M:

    The f'ed up tags have been around for a month or three..... What it is doing is messing up the corporate spam filters because they are pretty dumb and see it only as text - then it "passes" it because it doesn't match what it is told to look for.

    I've seen subject lines like:-

    H<wer>ll<mdkt>o, I'm M<ls8674n>ind<ghjki>y

    It really messes with my spam filter and gets through.... I'm waiting for them to update it but I have a feeling that they will want money for that update....<sigh>
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    It gets all those Viagra emails past our content filtering. We are going to have to look into a new system for blocking spam and content filtering because of this trick. We see 30 or so a day to our domain with those html tricks.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    "There are also penis patches available. Simply slap them on like nicotine patches, Just like the penis enlargement pills there is also a free trial month"


    What a deal!!!! I always wanted a penis patch, hmm, wonder where you slap them on?
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  5. #5
    Haha. Do not the filters disregard tags? Or have it disregard comments/bad tags

    -Cheers-

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    407
    That's a pretty industrious way to get past spam filters. My question is how would you implement a system to block certain (and user configurable) tags? I'm not a super l337 programmer or anything, but it seems like quite a challenge.

    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I might be wrong but if you look at the HTML closely it sets some of the words and letters to the color white.
    <br><font
    color="white">qxhpordolsdrnd dzwvyscvcxmra</font><br>
    Basically making some of the text invisible to the naked eye but not the spam filter. So the spam filter is tricked because it reads words and phrases which are deemed ok. ... Just my guess.

    Basically if you sent an e-mail and set some hidden phrases in HTML like:
    "The day is sunny"
    "What a nice day"
    and you set the colour to white to hide those phrases I'm pretty sure that it would be able to bypass the spam filter. Pretty smart idea on the spammers' part but really annoying ...

    Now how do you stop something like that?
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam
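
One way a filter can handle the two tricks raised in posts #6 and #7 (filler tags that split words, and white-on-white padding text), as an added example that is not from the thread or from any product mentioned in it. The tag allow-list, the white-background assumption and all function names are this example's own.

```python
import re
from html.parser import HTMLParser

# Elements a mail client actually renders; any other tag name is filler.
KNOWN_TAGS = {"html", "body", "center", "font", "b", "i", "u", "a", "p",
              "br", "table", "tr", "td", "div", "span"}
BREAKING_TAGS = {"br", "p", "tr", "td", "table", "div"}  # act as whitespace
HIDDEN_COLORS = {"white", "#fff", "#ffffff"}  # assumption: white background

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.bogus_tags, self.hidden_chars = [], 0, 0
        self._hidden = []  # one flag per open <font>: is its text invisible?

    def handle_starttag(self, tag, attrs):
        if tag not in KNOWN_TAGS:
            self.bogus_tags += 1  # dropped with no separator: "mo<x>ney" -> "money"
        elif tag == "font":
            color = dict(attrs).get("color")
            inherited = self._hidden[-1] if self._hidden else False
            self._hidden.append(inherited if color is None
                                else color.strip().lower() in HIDDEN_COLORS)
        elif tag in BREAKING_TAGS:
            self.parts.append(" ")

    def handle_endtag(self, tag):
        if tag == "font" and self._hidden:
            self._hidden.pop()

    def handle_data(self, data):
        if self._hidden and self._hidden[-1]:
            self.hidden_chars += len(data.strip())  # padding the reader never sees
        else:
            self.parts.append(data)

def normalize(html):
    """Return (visible_text, bogus_tag_count, hidden_char_count)."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    text = re.sub(r"\s+", " ", "".join(parser.parts)).strip()
    return text, parser.bogus_tags, parser.hidden_chars

# Constructed sample assembled from fragments of the message quoted in post #1.
SAMPLE = ('<font face="verdana">T<kstcppsdgfm>he on<kkzcpxkbwvlqsvd>ly sol'
          '<kczyyakbopj>utio<kweoyzvdpgsjcec>n</font> <br><font color="white">'
          'qxhpordolsdrnd dzwvyscvcxmra</font><br><b>mo<kvdheuwdred>ney ba'
          '<kkvloaycgblbtqv>ck</b>')
```

Keyword or statistical matching then runs on the returned text, and a high bogus-tag count or any hidden text can be scored as a spam signal in its own right.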

  8. #8
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    There is a rather easy way to defeat this type of email.

    Don't allow HTML!

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Well if anyone is interested in learning more about spam and how to stop spam you might wanna check these articles out:
    Sophos Spam Information
    Articles about spam
    A list of articles detailing recent events concerning spam, anti-spam solutions and other news.

    White papers
    A series of papers addressing and discussing topical spam-related issues.

    Best practice
    Find out how a best practice policy regarding email account usage can be an effective tool for minimising the amount of spam that end users receive.

    Field guide to spam
    Find out about the different tricks that spammers use to try to avoid detection by anti-spam software.

    Anti-spam task force
    Some of the world's foremost anti-spam experts are working inside Sophos to optimise
    enterprise email messaging and defeat spam.
    If you are really concerned about spam and want to be informed about the latest tricks that spammers use, you should click on the "Field guide to spam." It will take you to a page in which:
    Sophos provides information about the latest tricks used by spammers in the "Field guide to spam", compiled by Dr John Graham-Cumming, a leading anti-spam researcher and member of the Sophos anti-spam task force.

    The "Field guide to spam" is updated every quarter and published as a PDF. The update contains the latest news about spam, new spammers' tricks and tips on ways you can keep your networks free of spam.
    Hope that you guys find this interesting and informative as I did.
