RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread John Tolmachoff
> Another good way to differentiate the encoded characters is to trap on > encoding characters that _should_ be normal ASCII letters or numbers. In > theory, the only characters that should be encoded would be outside this > range so it's a good bet that encoding normal characters is an > obfuscati

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread Madscientist
ation attempt. This will definitely need to be a weighted test though. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Thursday, December 19, 2002 1:32 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread R. Scott Perry
The problem is searching for http://%@% where % is the wildcard. I don't think this is possible with the current filters. No, that wouldn't be possible with the current filters (although the IMail filters might handle it). We will likely add two tests; one that looks for encoded characters wi

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread Mark Smith
PROTECTED] > Subject: RE: [Declude.JunkMail] Hex Code URL's... > > > We've done some research on this and experimented with some > rules. More rule templates are coming, but as it turns out - > filtering this is harder than you might expect - depending > upon your s

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread Madscientist
] | [mailto:[EMAIL PROTECTED]] On Behalf Of John | Tolmachoff | Sent: Thursday, December 19, 2002 12:57 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | > This is a trick to make the user think that they're going | to a link on | > yahoo.

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread Madscientist
| -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith | Sent: Thursday, December 19, 2002 12:32 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | This is a trick to make the user think that they'

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread John Tolmachoff
> This is a trick to make the user think that they're going to a link on > yahoo. > Actually this is redirecting them to IP address: > > 0xD5.0xEF.0x8F.0x9A > > or 213.239.143.154 and then encode the path. Or even worse, it could be coded to access other parts of your computer, such as Code Red

RE: [Declude.JunkMail] Hex Code URL's...

2002-12-19 Thread Mark Smith
This is a trick to make the user think that they're going to a link on yahoo. Actually this is redirecting them to IP address: 0xD5.0xEF.0x8F.0x9A or 213.239.143.154 and then encode the path. I can't see any reason to do this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL