Spam
Home
  
Spam
    
Tricks
      Trick 1

Language:
  
Espaņol

Spam info:
  Intro
  Remote images

Spam: The remote image trick

Images in e-mail are nice, but you should always suspect them, particularly if opening the e-mail causes activity on the internet link (though by then it can be too late).

Take this - innocent looking - message:


    Good morning.
    
    Sampai jumpa lagi
    
This is the text you see if using a simple, text-only mail program. In Outlook Express or other HTML-enabled e-mail program, the text is different:

    Hello, handsome!

    Pa payno
    
There's supposed to be an image in between the two lines. That's the interesting part. The image is not included with the message, but is a link to an image which is fetched on viewing. Here's the hidden code for that:

    <IMG src=3d"http://fhfvinleuevnn=2einfo/5xad8e7xee1xc26eebaafc9
df2/DFFGSSENBA0=WEDAdHhkwDas=3d=2ejpg" alt=3d"squabbling" border=3d0>
A little work has to be done to eliminate the 'escape sequencies', which start with '='. The link is to a site called

    http://fhfvinleuevnn.info
    
(I mangled the actual site name - it's really located in Brasil.) Then follow a long sequence of characters, which really identifies you uniquely as the originator of the request, and confirms your e-mail as a) existing, and b) belonging to someone with an HTML-enabled e-mail client. It could be that you even get the image - I doubt it though. The site didn't even have the website configured.

The strange appearance of the web-site name gives the impression that it is one of these disposable websites, which exist for just a few days and then disappear (very popular in Chinese spam).

Remedy

The only remedy here is to disable HTML in messages. I realize that this is a step few people will take. Check if you e-mail client has an option to disable links to the outside world. Disable it - there's always time to re-enable...

Note: This type of trick doesn't really harm your computer. It's just another way of 'harvesting' confirmed e-mail addresses.

7428


(c) John Coppens ON6JC/LW3HAZ mail