Home page logo

bugtraq logo Bugtraq mailing list archives

Re: HTML email "bug", of sorts.
From: "John D. Hardin" <jhardin () impsec org>
Date: Sat, 18 Aug 2001 21:40:05 -0700 (PDT)

On Sat, 18 Aug 2001, Alex Prestin wrote:

src="http://www.megahardcoresex.com/sites/XXXXXXXX0 (continued)
3b/sf03b08152001.gif?M=XXXXXXXXX&ID=wakko () bitey net" width="1" height="1"> 

See it?  A web bug.  If I opened this mail in an HTML-capable
browser, that little image would've popped up and I would've been
none the wiser.  My address would also have been verified by the
sender, and stored in a large database of valid recipients.

This is well-known. BGSOUND tags are also vulnerable to misuse in this

So, anyone have any idea of how to deal with this latest little
spammer toy?  Is there any effective way to filter out web bugs
without adversely affecting the delivery intact of legitimate


(If you're running a procmail-capable mail server.)

Looking at the tag above shows you what it does...

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin () impsec org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
   1172 days until the Presidential Election

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]