Security Basics mailing list archives

Re: Possible Payload inside PDF or HTML files


From: "security.xentek" <eric () xentek net>
Date: Wed, 13 Jun 2007 17:38:43 -0400

There is some rudimentary tracking that can be done in the HTML files, by checking the logs on their server for included images or other external assets referenced with full URLs. You can also use scripts inside the src attribute of img tags, as long as the end result is an image content type... This is done quite commonly with HTML emails where an img src is that of a PHP script (for instance) that records when the script is accessed (and possibly by whom, by coordinating record ids with the emails sent and the script doing the recording), but instead of returning text or something of that nature, it sets the content-type header to image/gif and pushes a 1x1 invisible gif to the client at the end of the routine. However, the data that can be collected is probably very rudimentary as I have mentioned, since they are more than likely only recording things like email sent, email opened, and links clicked, to aggregate these as stats to measure the campaign, and this is a pretty standard practice with marketing emails and the delivery providers (such as gotcorp or mailchimp).




+       eric m.
+       http://xentek.net
+ + + + + + + + + + + + + +


"Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure or nothing." - Helen Keller


On Jun 12, 2007, at 8:28 PM, Danux wrote:

Hi experts,

Is there a way to know if a payload exists inside a PDF or HTML file?

Let me explain the problem: a marketing company is sending me emails
and is able to know if I open, delete, send to spam or forward the
message, so I think there is a payload inside those files.

Let me tell you that the HTML file looks like a normal one without
JavaScript or obfuscation or another malicious payload, only links and
images.

Is there a tool to look inside PDF files?
Or a Steganos tool to test the images from the HTML file?

What do you think?

Thanks in advance





--
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
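
The check described in the reply above can be run against a saved HTML message body: list every image loaded from a full URL and note the traits of a tracking pixel (1x1 size, a script as the src, query parameters that can carry a record id). This is an added example, not part of the original thread; the sample HTML, hosts and parameter names are constructed, and the extension list is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumed list of extensions that suggest a server-side script, not a static image.
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".cgi", ".pl", ".jsp")

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src is a full http(s) URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlparse(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # cid:, data: or relative src: no request to a remote server
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("1x1 or zero-size image")
        if url.path.lower().endswith(SCRIPT_EXTS):
            reasons.append("src is a server-side script")
        params = sorted(parse_qs(url.query))
        if params:
            reasons.append("query parameters: " + ", ".join(params))
        self.findings.append({"url": a["src"], "host": url.netloc, "reasons": reasons})

def find_remote_images(html):
    """Return one dict per remotely loaded image, with any beacon traits seen."""
    p = RemoteImageFinder()
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample body; hosts and parameter names are made up.
SAMPLE = """<html><body>
<img src="cid:logo@newsletter" width="200" height="50">
<img src="http://mail.example.com/banner.gif" width="600" height="90">
<img src="http://track.example.com/open.php?rid=10482&amp;cid=77" width="1" height="1">
<a href="http://track.example.com/click.php?rid=10482&amp;l=3">Offer</a>
</body></html>"""

if __name__ == "__main__":
    for f in find_remote_images(SAMPLE):
        print(f["host"], f["url"], "|", "; ".join(f["reasons"]) or "remote image, no beacon traits")
```

Any remote image generates a server log entry when the client fetches it, so the banner with no beacon traits is still reported; mail clients that block remote images by default stop both kinds of request.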