Well, if it's really a problem, the spaces don't have to be random, but it
shouldn't be difficult in most scripting languages to strip spaces in a
string that shouldn't contain any spaces.
--
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET LLC
-Original Message-
From: freed0 [mailto:[EMAIL PROTECTED]
Sent: 29 August 2008 17:52
To: [EMAIL PROTECTED]
Cc: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] [URL formats]
Spaces suck because they are never in the same place and then
you cannot really easily automate the import process into
whatever system you may have that would work on it. I think
that the hxxp[x] solution is an easy and fine one that is
easy for everyone to use.
Using any other type of obfuscation is just silly. We are
all supposed to be professionals here. Doing any form of
rot13 or otherwise would prevent a quick eye-ball of the
information to see if there was anything interesting. You
would have to use an external process. That would eliminate
those that just want to look for the one or two interesting items.
Richard
David Harley wrote:
I tend to use hxxp[s]:// -and- some random spaces. Substituting for
the xx's and stripping the spaces isn't usually going to be
a problem for scripting.
--
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET LLC
I think it's better to add some SPACEs in the URL, kind of
break it, since Gmail will convert it to a clickable URL if you
only substitute http with hxxp.
--
___
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
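An added example, not part of the thread and not any poster's code: one way to automate the import of URLs written as hxxp[s]:// with inserted spaces, the convention discussed above. It assumes each input field holds exactly one URL (a string that should contain no spaces); the function names and the sample URLs on the reserved .test domain are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches hxxp:// / hxxps:// (and plain http[s]://) in any case.
_SCHEME = re.compile(r"^h(?:xx|tt)p(s?)://", re.IGNORECASE)


def refang(field):
    """Restore a defanged URL from a field that holds only that URL."""
    # A URL has no literal whitespace, so every space in the field is padding.
    compact = re.sub(r"\s+", "", field)
    m = _SCHEME.match(compact)
    if not m:
        raise ValueError(f"not an hxxp[s] URL: {field!r}")
    url = "http" + m.group(1).lower() + "://" + compact[m.end():]
    if not urlsplit(url).hostname:
        raise ValueError(f"no host in: {field!r}")
    return url


def defang(url, every=8):
    """Write a URL as hxxp[s]:// with a space after every `every` characters."""
    m = _SCHEME.match(url)
    if not m:
        raise ValueError(f"not an http[s] URL: {url!r}")
    broken = "hxxp" + m.group(1).lower() + "://" + url[m.end():]
    return " ".join(broken[i:i + every] for i in range(0, len(broken), every))


def import_fields(fields):
    """Split one-URL-per-field input into (refanged URLs, rejected fields)."""
    urls, rejected = [], []
    for field in fields:
        try:
            urls.append(refang(field))
        except ValueError:
            rejected.append(field)
    return urls, rejected


# Constructed sample input (reserved .test names), spaces in varying places.
SAMPLE = [
    "hxxp://bad.exa mple.test/gate.php",
    "hxxps ://cdn.example .test/a/b?id=1",
    "HXXP://example.test/",
    "ftp://example.test/file",  # not hxxp[s]: rejected, not guessed at
]

if __name__ == "__main__":
    print(import_fields(SAMPLE))
```

Stripping whitespace is only safe because the field is known to hold a single URL; in free-running text the end of a space-broken URL is ambiguous, which is the automation problem raised in the thread.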