Well, if it's really a problem, the spaces don't have to be random, but it shouldn't be difficult in most scripting languages to strip spaces in a string that shouldn't contain any spaces.
-- David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC > -----Original Message----- > From: freed0 [mailto:[EMAIL PROTECTED] > Sent: 29 August 2008 17:52 > To: [EMAIL PROTECTED] > Cc: botnets@whitestar.linuxbox.org > Subject: Re: [botnets] [URL formats] > > Spaces suck because they are never in the same place and then > you cannot really easily automate the import process into > whatever system you may have that would work on it. I think > that the "hxxp[x]" solution is an easy and fine one that it > easy for everyone to use. > > Using any other type of obfuscation is just silly. We are > all supposed to be professionals here. By doing any form of > rot13 or otherwise would prevent a quick eye-ball of the > information to see if there was anything interesting. You > would have to use an external process. That would eliminate > those that just want to look for the one or two interesting items. > > > Richard > > David Harley wrote: > > I tend to use hxxp[s]:// -and- some random spaces. Substituting for > > the xx's and stripping the spaces isn't usually going to be > a problem for scripting. > > > > -- > > David Harley BA CISSP FBCS CITP > > Director of Malware Intelligence > > ESET LLC > > > > > > > > > > > > I think it's better to add some SPACEes in the URL, kind of > break it, > > since Gmail will convert it to clickable URL if only > substitute http to hxxp. > > > > > > > > > > > ---------------------------------------------------------------------- > > -- > > > > _______________________________________________ > > botnets@, the public's dumping ground for maliciousness All > list and > > server information are public and available to law > enforcement upon request. > > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets _______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
