Images in e-mail are nice, but you should always suspect them, particularly if opening the e-mail causes activity on the internet link (though by then it can be too late).
Take this - innocent looking - message:
Good morning. Sampai jumpa lagiThis is the text you see if using a simple, text-only mail program. In Outlook Express or other HTML-enabled e-mail program, the text is different:
Hello, handsome! Pa paynoThere's supposed to be an image in between the two lines. That's the interesting part. The image is not included with the message, but is a link to an image which is fetched on viewing. Here's the hidden code for that:
<IMG src=3d"http://fhfvinleuevnn=2einfo/5xad8e7xee1xc26eebaafc9A little work has to be done to eliminate the 'escape sequencies', which start with '='. The link is to a site called
df2/DFFGSSENBA0=WEDAdHhkwDas=3d=2ejpg" alt=3d"squabbling" border=3d0>
http://fhfvinleuevnn.info(I mangled the actual site name - it's really located in Brasil.) Then follow a long sequence of characters, which really identifies you uniquely as the originator of the request, and confirms your e-mail as a) existing, and b) belonging to someone with an HTML-enabled e-mail client. It could be that you even get the image - I doubt it though. The site didn't even have the website configured.
The strange appearance of the web-site name gives the impression that it is one of these disposable websites, which exist for just a few days and then disappear (very popular in Chinese spam).
Note: This type of trick doesn't really harm your computer. It's just another way of 'harvesting' confirmed e-mail addresses.
|(c) John Coppens ON6JC/LW3HAZ|