Lking 0 Posted March 21, 2015 https://www.spamcop.net/sc?id=z6077595600z088f29c81dd5deb58eec549c3c857c8ez I have gotten two of these. The first I got several days ago and just assumed there was some newbie playing with his new toy. With more thought today I still don't see the point. Looking at the source I don;t see anything that will go back to the sender or anywhere. I don't see this having a payload <html> <body> <a href='http://www.google.com'> </a> <img src ='test.gif'height="0" width="0"> </body> </html> Maybe it is a kid with a new toy. Share this post Link to post Share on other sites
turetzsr 0 Posted March 21, 2015 <snip> I don't see this having a payload <snip> Not yet! <snip> <img src ='test.gif'height="0" width="0"> ...Perfect place to put payload, once the "kid" does enough further research to learn how to arm her/ his "toy." <frown> See, for example, Weekly malware update – 2010/Jan/14 | Sucuri Blog. Share this post Link to post Share on other sites
Farelf 0 Posted March 21, 2015 https://www.spamcop.net/sc?id=z6077595600z088f29c81dd5deb58eec549c3c857c8ez A couple of techniques there that could be adapted to anything from "web bugs" (of several degrees of intrusiveness) to "drive-by" exploits. Not for nothing do security types recommend not opening e-mails from unknown sources - and the more extreme decry the advent of the HTML e-mail back in 1999 and resolutely use only plain text mail clients (or set their mail clients to "text only") to this very day. Share this post Link to post Share on other sites
Lking 0 Posted March 21, 2015 Got yet another today. they still haven't figured out how to use the web bug. Does anyone know anything about "X-Brightmail-Tracker:"? I need to do a search on that. I'm assuming that with those lines in the header when they read the spam report they could see who reported them/which list or bot sent the spam. Anyway, the dance goes on. Share this post Link to post Share on other sites