Apologies for being off topic but I have a question about SPAM

  • Thread starter Thread starter Mo
  • Start date Start date
Your web browser ignores anything between the http:// and
the @ sign. Often its used to confuse people, such as in
a recent spam:

http://[email protected]/index.htm

It appears that its a 'yourbank' site, but in fact that
part is ignored, so you can be duped into giving your info
out at a spoof site. Not a clue why they'd bothere just
putting C4 in though. Maybe trying to be channel 4?

Chris
 
Thanks didn't know it was just ignored. Is there a more appropriate
newsgroup to post more SPAM related questions?
 
Mo said:
Amongst my SPAM I was wondering what is achieved by the following web
link (i.e what is the purpose of the "C4@" section)
Click to expand...
http://[email protected]/ruben
Click to expand...

A URL can contain a username and password in a construction which looks
like this: http://username:[email protected]. The browser ignores
everything following the "//" up through the "@". "Username" and
"password" are used to fill in the Network Password box presented when a
page requires the user to log in. If login is not required, the entries
may be ignored or used for other purposes. In your example, "C4" looks
like a username, but could have some special meaning to the target site.
 
On Thu, 30 Oct 2003 15:22:23 +0000,"Mo" posted ...
Thanks didn't know it was just ignored. Is there a more appropriate
newsgroup to post more SPAM related questions?
Click to expand...

Steve Gibson of http://grc.com/intro.htm maintains some newsgroups at
<news.grc.com> and among the newsgroups are "grc.spam" & "grc.spam.news"
Other newsgroups cover security and privacy issues etc.

If you visit http://grc.com/nntpquickref.htm you will get a background
of the topics GRC covers.
 
but could have some special meaning to the target site.

Stressing the "could have special meaning". One could write a script to
spam a mail list or scan a SMTP server and generating these addresses. Some
HTTP server on the site can decode the info back into your mail address so
one would build a list of valid addresses.

Also, any info can be encoded there so when you visit the site, info would
be submitted. It cannot get hold of -say- your list of ports because it
doesn't run code on the local machine but it can have all the abilities of a
cookie. Actually, it's equivalent to a "submit" with no input from a user.
The only use that comes to my mind now is validating addresses.

I also had some trouble with a pre-padded "C4A" or similar related to a
worm that sent mail to address book. It pre-padded this string for some
reason. I see no use for such padding in the attacker view but it did help
me re-route all addresses beginning with that string to a phantom account.
 
Back
Top