RE: [hackers-il] Spam, spam, wonderful spam

  • Chen Shapira
    Message 1 of 4, Jul 9, 2000
      > -----Original Message-----
      > From: Gaal Yahas [mailto:gaal@...]
      > Sent: Sunday, July 09, 2000 10:07 AM
      > To: hackers-il@egroups.com
      > Subject: [hackers-il] Spam, spam, wonderful spam
      >
      >
      > Spammers are starting to work hard on obfuscating their traces. Look
      > what I got today: this *appears* not to have been relayed much; and
      > the embedded URLs in the message are "encoded" with JavaScript. Quite
      > amazing, really. (My POP3 box is on netvision and fortinbras is my
      > machine. forum2.org is where mail gets addressed to.)
      >
      > Anyone feel like busting their show?

      1. The html itself seems fucked up.
      Does it render?

      > <HTML>
      > <BODY>
      > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"><html>
      > <basehref=3D"http://www.mn285.COME.CC/il2/@216.71.84.44/enter.
      > cgi" method=3D=
      > "get">

      this part is plain illegal.
      BTW. was the "=3D" in the original?

      2. The JS defines two functions d() and codeit()
      then uses a third one decode()

      in short the JS does nil.
      unless I got something wrong. It is only used in the beginning btw. not
      called afterwards.

      thanks,
      CS.
    • Adam Morrison
      Message 2 of 4, Jul 9, 2000
        >
        > Spammers are starting to work hard on obfuscating their traces. Look
        > what I got today: this *appears* not to have been relayed much; and
        > the embedded URLs in the message are "encoded" with JavaScript. Quite
        > amazing, really. (My POP3 box is on netvision and fortinbras is my
        > machine. forum2.org is where mail gets addressed to.)
        >
        > Anyone feel like busting their show?

        [...]

        > Received: from idec2. ([210.103.124.223]) by forum2.org (8.8.5) id WAA27599 for <gaal@...>; Sat, 8 Jul 2000 22:07:45 -0600 (MDT)
        > X-Authentication-Warning: forum2.org: Host [210.103.124.223] claimed to be idec2.
        > Received: from x198 by idec2. (SMI-8.6/SMI-SVR4)
        > id NAA09067; Sun, 9 Jul 2000 13:05:05 +0900

        They raped an old, default SunOS 5 Sendmail, which does not
        record the client (except for the HELO).

        Nothing new about this part.
      • Gaal Yahas
        Message 3 of 4, Jul 9, 2000
          On Sun, Jul 09, 2000 at 12:56:12PM +0200, Chen Shapira wrote:
          > 1. The html itself seems fucked up.
          > Does it render?

          I never tried rendering it :-)

          There's the nasty <IMG SRC="an-encoding-of-your-email-address.jpg">
          trick that auto-confirms your address doesn't bounce. I never accept
          HTML mail.

          > > <basehref=3D"http://www.mn285.COME.CC/il2/@216.71.84.44/enter.
          > > cgi" method=3D= "get">
          > this part is plain illegal.
          > BTW. was the "=3D" in the original?

          It's quoted-printable, iso-8859-1. =3D is just "=".

          > 2. The JS defines two functions d() and codeit()
          > then uses a third one decode()
          >
          > in short the JS does nil.
          > unless I got something wrong. It is only used in the beginning btw. not
          > called afterwards.

          Hmmm. I didn't attempt to despaghettize it yet. Plus it's javascript.

          Moose,
          Gaal
          --
          believing is seeing
          gaal@...
          http://www.forum2.org/gaal/
        • Chen Shapira
          Message 4 of 4, Jul 9, 2000
            > There's the nasty <IMG SRC="an-encoding-of-your-email-address.jpg">
            > trick that auto-confirms your address doesn't bounce. I never accept
            > HTML mail.

            oh. with the basehref it'll try to download your email from their site,
            showing up in the error log. Nice one.

            > > > <basehref=3D"http://www.mn285.COME.CC/il2/@216.71.84.44/enter.
            > > > cgi" method=3D= "get">
            > > this part is plain illegal.
            > > BTW. was the "=3D" in the original?
            >
            > It's quoted-printable, iso-8859-1. =3D is just "=".


            the =3d is ok, but 2 <html> tags aren't :-)

            > > 2. The JS defines two functions d() and codeit()
            > > then uses a third one decode()
            > >
            > > in short the JS does nil.
            > > unless I got something wrong. It is only used in the beginning btw. not
            > > called afterwards.
            >
            > Hmmm. I didn't attempt to despaghettize it yet. Plus it's javascript.

            Not to start a language war, but javascript is a nice scripting language,
            pretty strong too.
            It has error handling (try/catch), regexps, you can write your own objects
            (no inheritance though)... it's not just bouncing pictures toy anymore. I
            wrote many programs using javascript, there's very little you can't easily
            do with it. (it does use Java's ugly date object. Yuck)

            and for the disclaimer: I do admit that
            python/c/c++/scheme/lisp/perl/java/forth/apl/ps/$your_language_of_choice is
            much much better.

            I do think it's strange to see so much code in spamail, especially when it's
            not used... :-)
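
Added example (not part of the thread and not any poster's code): it decodes a quoted-printable HTML body as discussed above and lists the URLs a rendering mail client would fetch on its own, which is how the image trick confirms an address. The sample body, the host name `tracker.example.invalid`, the image token and the function names are constructed for illustration.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample body (not the spam from the thread). The host and the
# image token are placeholders; "=3D" and the trailing "=" are QP encoding.
SAMPLE_QP = (
    b'<html><body>\n'
    b'<base href=3D"http://tracker.example.invalid/il2/">\n'
    b'<img src=3D"rcpt-4f2a.jpg" width=3D1 heig=\n'
    b'ht=3D1>\n'
    b'<a href=3D"enter.cgi">click</a>\n'
    b'</body></html>\n'
)

# (tag, attribute) pairs that a rendering mail client loads without a click.
AUTO_FETCH = {("img", "src"), ("body", "background"), ("link", "href"),
              ("script", "src"), ("iframe", "src")}


class RemoteRefs(HTMLParser):
    """Collect the <base href> and every auto-loaded resource reference."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base is None and attrs.get("href"):
            self.base = attrs["href"]
        for name, value in attrs.items():
            if (tag, name) in AUTO_FETCH and value:
                self.refs.append((tag, value))


def auto_fetched_urls(qp_body, charset="iso-8859-1"):
    """Decode a QP HTML part; return (tag, absolute URL) pairs fetched on render."""
    html = quopri.decodestring(qp_body).decode(charset)
    parser = RemoteRefs()
    parser.feed(html)
    parser.close()
    resolved = [(tag, urljoin(parser.base or "", url)) for tag, url in parser.refs]
    # Relative references with no base cannot leave the machine; drop them.
    return [(t, u) for t, u in resolved if urlparse(u).scheme in ("http", "https")]


if __name__ == "__main__":
    for tag, url in auto_fetched_urls(SAMPLE_QP):
        print(tag, url)
```

The `<a href>` link is not reported because it needs a click; only the image, resolved against the `<base href>`, would be requested when the message is displayed.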