Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A new technique to disguise a target URL in spam

From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 6 Apr 2004 22:57:32 -0000


 <!--

 In This link http://www=2emcafee=2ecom/ the Hex translated 
wrongly so instead of %2E , =2E came out Hex value %2E is the 
dot '.'

 -->

this is nothing more than 

Content-Transfer-Encoding: quoted-printable  

the default encoding scheme of Outlook Express mail client 
[possibly others]. The whole html form gimmick POC posted to 
bugtraq only a few days ago:

http://www.securityfocus.com/archive/1/359139


-- 
http://www.malware.com



---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: