My personal favorite is the 'message embedded in an html table' trick where every letter in the email is in its own cell in a table like this:
<pre> <table cellpaddig=0 cellspacing=0> <tr> <td> H </td> <td> e </td> <td> l </td> <td> l </td> <td> o </td> </tr> </table> </pre> This defeats almost every type of spam blocking app made today. Even if html tags are stripped. When the message is rendered in an html capable browser, it is human readable. Very sneaky! Brian Dinello, CISSP Senior Security Consultant -----Original Message----- From: Security Administrator [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 9:22 AM To: Lan Guy Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Spam with PGP I remember hearing this is another method for bypassing spam filters. Apparently some filters will pass e-mail with PGP signatures thinking it is legitimate. It is an interesting concept, though. I think my favorite is still the jpgin an html enabled e-mail with seemingly valid information and links that is actually a link to an xss or pr0n site. Spammers are starting to use better methodologies and soon filtering options will be almost impossible. I find it amusing to see what they will do next, though. -William ######################### [EMAIL PROTECTED] I'm nobody, yet.. ######################### On Tue, 7 Oct 2003, Lan Guy wrote: > I just got this piece of Spam, with a PGP signature! > Lan Guy > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "sackMail" <> > Sent: Tuesday, October 07, 2003 12:30 PM > Subject: l, i didnt know you could put that up there , h l t > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: Q5 > > > > The following is your information. This info will make you a > > happier person. If it does not make you a happier person maybe you > > need to get out more. > > > > > > What was that thing she put up inside; > > > > > > http://200.206.184.201:8040/11/cgi/spind.pl?h=fi.dat&p=1a&lah=sq3ycn > > > > > > > > 2_._._._7 > > > > 1) Switch your email options; > > 3) http://200.206.184.201:8040/11/r2.html > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.2 (GNU/Linux) > > > > owsejfoiewur9834u9u3j4ojdflsejflkiew934udfo3i > > sfdpo32i09rediwoejdolwesdnlfklksdjfj3409jldsfdk > > sdnok3peodkpo3kdpo3kdnlaskdnlsakdnlwkd0-9 > > sfdpo32i09redswoejdolwesdnlfklksdjfj3409jlddfdk > > sdlnkfsdk.fv,fe > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
