What is this email trying to do?
This is a discussion on What is this email trying to do? within the Linux Security forums, part of the System Security and Security Related category; On 17 Mar, 19:53, ibupro...@painkiller.example.tld (Moe Trin) wrote: > On Mon, 17 Mar 2008, in the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-18-2008
|
|||
|
|||
Re: What is this email trying to do?
On 17 Mar, 19:53, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> On Mon, 17 Mar 2008, in the Usenet newsgroup comp.os.linux.security, in article > > <ni62b5-npa....@dougshost.douglaidlaw.net>, Doug Laidlaw wrote: > >Just got the same thing again. *3x w, which could be www. but > >119 doesn't appear in the ASCII table at all, and the next ones are > >.l "&" + another nonexistent one. *The complete line runs > >off the page. *No wonder I couldn't put them in a Web page and get > >any sense out of them. > > Have you tried using 'decimal' rather than octal or hex? > > w -> w > . * *-> . > l * -> l > > That's an old spammer's trick for obfuscation of addresses and URLs. > The leading '&#' tells some browsers that this character is shown in > decimal. *I'm not sure, but I think it's merely using an 8 bit (or > multi-byte) character set instead of ASCII. I think it's a feature of > the browsers most idiots use to read their mail. If you look at the > man pages for the other character sets It sounds like you're seeing the spam aimed at Outlook and other clients that automagically transform such debris into URL's. I'm also seeing a lot of Unicode, foreign language spew lately, so it could be in a language you're not set up to display. Spammers will try *anything*, so it's hard to guess which it is without a copy of the spew. 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 11:42 PM.
