• Very Clever Junk Mail

    #463605

    Here is a puzzle ……. The following quote is the “source code” for an email message that, when viewed, looks like the printout attached. I get at least two of these per day and because the text is fragmented, i.e. broken into pieces, in the source, and then reassembled or somehow made to appear correctly assembled in the mail view, my junk filters are not effective. There are simply no “keys” to trigger the filter. Can you or your team figure out how this scam message works and a way to defeat the onslaught of junk generated by the methodology?

    QUOTE

    Read Message

    function popupPrint(){
        var print_win_param = 'width=750,height=500,resizable=1,scrollbars=1';
        var action = "http://mail.pcdco.com/cgi-bin/" + "viewmail.exe";
        var id = "id=01de2e7d63007858d0dc3128080267ea8615";
        var threadid = "threadid=H343792243339910";
        var xsl = "xsl=preview.xsl";
        var url = action + "?" + id + "&" + threadid + "&" + xsl + "&ftl=";
        var print_win = window.open(url, "", print_win_param);
        print_win.focus();
    }

    Retrieving E-mail

    Please wait a moment while we retrieve your e-mail….

    Read Message

    Select One└INBOX ├cranes ├Draft ├ebrd ├Employment ├it ├Junk ├MIT Spam ├oil n gas ├photo ├Sent ├training ├Trash └travel

    From: Kari Lyon <quotes@porthcawl-insurance.co.uk> [ add to contacts ]
    To: mdes@pcdco.com
    Cc:
    Date: Monday, November 02, 2009 06:53 am
    Subject: -30722186 Your New Username & Password

    Gen eu eric Via it gra Onli xrt ne

    Pha ffa rmacy Wit oe hout Pres vyk cription

    XL online ph gi armacy is the most re gm liable me ds dication pro yt vider for gen mq eric dru zm gs

    with qic out pres yo cription including Ge hiw neric Via uo gra. We offer a ch asx eap Via bbt gra solu wgb tion

    to cust svn omers aro njg und the world. We pro fww vide the best no pres shh cription me vl ds and over

    1 rdl 000 gen xbx eric prod cw ucts like Ci tx alis, Lev di itra, Xen ok ical, Prop tkq ecia, Cana tt dian Via ddu gra

    and ma fn ny more. All of our he pmk alth ca kw re prod hw ucts are as eff yne ective as any other

    br ij and name medi qs cations, since they are equ ph ally sa sks fe and equ yub ally reli aq able.

    Many peo ve ple put their trust in the po izr wer of Gene oy ric Via xjr gra and gen beb eric pro tmq ducts

    in gen lo eral, thus, X biz L online pha ay rmacy esc ch row ser fk vice guara dn ntees that you re nag ceive

    not gq hing but the best qu ta ality and cust fk omer serv xk ice. Bu gez y Via sje gra wit fk hout

    pre aoi scription and get just what you are loo xmc king for from a reli ar able online

    phar ofa macy: sup ub erior quality pro iaw ducts, unbe ct atable pri yl ces, effecti kcq veness, sa kto fety,

    disc bw retion, fa qmk st ship xhs ping, and total sati nky sfaction guara luf nteed.

    Via mz gra

    Silde bz nafil 50/100mg

    Cia gpt lis

    Tada on lafil 10/20mg

    Levi wkf tra

    Vard rs enafil 20mg

    The Lo xns west Pha bzb rmacy Onli vbr ne-Off ww ers

    Wo jr men’s Hea nuw lth

    All pro no ducts

    Attachments: Text version of this message. (1KB)

    UNQUOTE

    • #1184045

      The following quote is the “source code” for an email message

      Could I suggest putting that in a document and attaching it? It’s a lot to scroll through.

      Commercial filtering providers have been decoding these kinds of messages for years, and some of the better programs might also recognize it. What kinds of junk filters are you using?

      • #1184054

        Could I suggest putting that in a document and attaching it? It’s a lot to scroll through.

        Commercial filtering providers have been decoding these kinds of messages for years, and some of the better programs might also recognize it. What kinds of junk filters are you using?

        Yes, I noticed that scrolling through is difficult and even trying to wipe the text and copy to another document is hard to control. Is this an artifact of the lounge software? Anyway, please find the offending code in an MS document for your convenience. As for the filter, it is built into my domain name hosting package with Network Solutions, and I have no idea what is being used. The options offered are not very sophisticated and included only limited date and text variations.

    • #1184245

      Couldn’t you just disable Java Scripting? It’s a major security issue anyway. The No-script addon in Firefox is great.

      • #1184258

        Couldn’t you just disable Java Scripting?

        Most email programs do not execute the JavaScript in HTML messages, for obvious reasons. The problem in this case is not caused by a script, but by the insertion of spurious snippets of text that are repositioned using styles so that they appear off to the side of the marketing message. Filters find it hard to read around these snippets to understand the true content of the message.

        Floats have been used in other devious ways. Example in this thread: The latest undetectable spam (in the Security & Backups forum).
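The mechanism described in the reply above, shown from the filter's side as an added example that is not part of the original thread: text inside elements whose inline style floats or hides them is set aside before keyword matching, and the number of such fragments is itself used as a signal. The span markup in `SAMPLE`, the style list, the keywords and the threshold are assumptions; the thread shows only the rendered message.

```python
import re
from html.parser import HTMLParser

# Inline styles that move an element out of the reading flow or hide it.
# Assumed list for this example; the thread itself only names floats.
SUSPECT = re.compile(r"float\s*:\s*(left|right)|display\s*:\s*none"
                     r"|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

class FlowText(HTMLParser):
    """Split text into what stays in the main flow and what is styled away."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.kept, self.dropped, self.stack = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # one flag per open element: True = suspect style
            self.stack.append(bool(SUSPECT.search(dict(attrs).get("style") or "")))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        (self.dropped if any(self.stack) else self.kept).append(data)

def normalize(html):
    """Return (main-flow text, number of non-empty fragments styled away)."""
    p = FlowText()
    p.feed(html)
    p.close()
    text = re.sub(r"\s+", " ", "".join(p.kept)).strip()
    return text, sum(1 for d in p.dropped if d.strip())

def naive_text(html):
    """What a filter sees if it only strips tags: fragments stay inside the words."""
    return re.sub(r"\s+", " ", re.sub(r"<[^>]+>", "", html)).strip()

def is_junk(html, keywords=("viagra", "pharmacy", "prescription"), max_fragments=3):
    """Flag on a keyword in the normalized text or on many styled-away fragments."""
    text, fragments = normalize(html)
    return any(k in text.lower() for k in keywords) or fragments > max_fragments

# Constructed sample: markup is assumed; filler fragments are those in the quoted message.
F = '<span style="float:right">%s</span>'
SAMPLE = ("<p>Gen" + F % "eu" + "eric Via" + F % "it" + "gra Onli" + F % "xrt" + "ne</p>\n"
          "<p>Pha" + F % "ffa" + "rmacy Wit" + F % "oe" + "hout Pres" + F % "vyk" + "cription</p>")

if __name__ == "__main__":
    print(naive_text(SAMPLE), normalize(SAMPLE), is_junk(SAMPLE), sep="\n")
```

The parser tracks open elements with a simple stack, so badly nested HTML can misattribute text; a production filter would use a tolerant DOM parser and also resolve styles set through `<style>` blocks and class names.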

    • #1184413

      Oh. I didn’t understand the problem. Sorry about that.
