
Re: [hackers-il] Spam, spam, wonderful spam

  • Adam Morrison
    Message 1 of 4 , Jul 9, 2000
      >
      > Spammers are starting to work hard on obfuscating their traces. Look
      > what I got today: this *appears* not to have been relayed much; and
      > the embedded URLs in the message are "encoded" with JavaScript. Quite
      > amazing, really. (My POP3 box is on netvision and fortinbras is my
      > machine. forum2.org is where mail gets addressed to.)
      >
      > Anyone feel like busting their show?

      [...]

      > Received: from idec2. ([210.103.124.223]) by forum2.org (8.8.5) id WAA27599 for <gaal@...>; Sat, 8 Jul 2000 22:07:45 -0600 (MDT)
      > X-Authentication-Warning: forum2.org: Host [210.103.124.223] claimed to be idec2.
      > Received: from x198 by idec2. (SMI-8.6/SMI-SVR4)
      > id NAA09067; Sun, 9 Jul 2000 13:05:05 +0900

      They raped an old, default SunOS 5 Sendmail, which does not
      record the client (except for the HELO).

      Nothing new about this part.
    • Gaal Yahas
      Message 2 of 4 , Jul 9, 2000
        On Sun, Jul 09, 2000 at 12:56:12PM +0200, Chen Shapira wrote:
        > 1. The html itself seems fucked up.
        > Does it render?

        I never tried rendering it :-)

        There's the nasty <IMG SRC="an-encoding-of-your-email-address.jpg">
        trick that auto-confirms your address doesn't bounce. I never accept
        HTML mail.

        > > <basehref=3D"http://www.mn285.COME.CC/il2/@216.71.84.44/enter.
        > > cgi" method=3D= "get">
        > this part is plain illegal.
        > BTW. was the "=3D" in the original?

        It's quoted-printable, iso-8859-1. =3D is just "=".

        > 2. The JS defines two functions d() and codeit()
        > then uses a third one decode()
        >
        > in short the JS does nil.
        > unless I got something wrong. It is only used in the beginning btw. not
        > called afterwards.

        Hmmm. I didn't attempt to despaghettize it yet. Plus it's javascript.

        Moose,
        Gaal
        --
        believing is seeing
        gaal@...
        http://www.forum2.org/gaal/
      • Chen Shapira
        Message 3 of 4 , Jul 9, 2000
          > There's the nasty <IMG SRC="an-encoding-of-your-email-address.jpg">
          > trick that auto-confirms your address doesn't bounce. I never accept
          > HTML mail.

          oh. with the basehref it'll try to download your email from their site,
          showing up in the error log. Nice one.

          > > > <basehref=3D"http://www.mn285.COME.CC/il2/@216.71.84.44/enter.
          > > > cgi" method=3D= "get">
          > > this part is plain illegal.
          > > BTW. was the "=3D" in the original?
          >
          > It's quoted-printable, iso-8859-1. =3D is just "=".


          the =3d is ok, but 2 <html> tags aren't :-)

          > > 2. The JS defines two functions d() and codeit()
          > > then uses a third one decode()
          > >
          > > in short the JS does nil.
          > > unless I got something wrong. It is only used in the beginning btw. not
          > > called afterwards.
          >
          > Hmmm. I didn't attempt to despaghettize it yet. Plus it's javascript.

          Not to start a language war, but javascript is a nice scripting language,
          pretty strong too.
          It has error handling (try/catch), regexps, you can write your own objects
          (no inheritance though)... it's not just a bouncing pictures toy anymore. I
          wrote many programs using javascript, there's very little you can't easily
          do with it. (it does use Java's ugly date object. Yuck)

          and for the disclaimer: I do admit that
          python/c/c++/scheme/lisp/perl/java/forth/apl/ps/$your_language_of_choice is
          much much better.

          I do think it's strange to see so much code in spamail, especially when it's
          not used... :-)
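
The quoted-printable encoding and the auto-fetched image trick discussed in this thread, as an added example that is not part of any poster's message: it decodes a quoted-printable HTML body and lists the URLs a client would request merely by rendering it, including relative image paths resolved against a base href. The sample body, the `tracker.example` host and the names `auto_fetched_urls` and `RemoteRefFinder` are constructed for illustration.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs a rendering mail client fetches without any click.
AUTO_FETCH = {("img", "src"), ("body", "background"), ("link", "href"),
              ("iframe", "src"), ("frame", "src")}

# Constructed sample body, quoted-printable encoded; tracker.example is a placeholder.
SAMPLE_QP = (
    b'<html><base href=3D"http://tracker.example/il2/">\n'
    b'<body><img src=3D"open/user%40example.org.jpg" width=3D1 heig=\n'
    b'ht=3D1>\n'
    b'<a href=3D"enter.cgi">click here</a></body></html>\n'
)


class RemoteRefFinder(HTMLParser):
    """Collects URLs that would be requested just by displaying the message."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if (tag, name) == ("base", "href"):
                self.base = value  # later relative URLs resolve against this
            elif (tag, name) in AUTO_FETCH:
                url = urljoin(self.base, value) if self.base else value
                if urlsplit(url).scheme in ("http", "https"):
                    self.urls.append(url)


def auto_fetched_urls(qp_body, charset="iso-8859-1"):
    # "=3D" becomes "=", and "=" at end of line is a soft break that joins lines.
    html = quopri.decodestring(qp_body).decode(charset, errors="replace")
    finder = RemoteRefFinder()
    finder.feed(html)
    finder.close()
    return finder.urls


if __name__ == "__main__":
    for url in auto_fetched_urls(SAMPLE_QP):
        print("fetched on render:", url)
```

The link in the `<a>` tag is not reported because it is only requested when clicked; a mail filter can use the returned list to strip or block remote content before display.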