Lking Posted March 21, 2015 Share Posted March 21, 2015 https://www.spamcop.net/sc?id=z6077595600z088f29c81dd5deb58eec549c3c857c8ez I have gotten two of these. The first I got several days ago and just assumed there was some newbie playing with his new toy. With more thought today I still don't see the point. Looking at the source I don;t see anything that will go back to the sender or anywhere. I don't see this having a payload <html> <body> <a href='http://www.google.com'> </a> <img src ='test.gif'height="0" width="0"> </body> </html> Maybe it is a kid with a new toy. Link to comment Share on other sites More sharing options...
turetzsr Posted March 21, 2015 Share Posted March 21, 2015 <snip> I don't see this having a payload <snip> Not yet! <snip> <img src ='test.gif'height="0" width="0"> ...Perfect place to put payload, once the "kid" does enough further research to learn how to arm her/ his "toy." <frown> See, for example, Weekly malware update – 2010/Jan/14 | Sucuri Blog. Link to comment Share on other sites More sharing options...
Farelf Posted March 21, 2015 Share Posted March 21, 2015 https://www.spamcop.net/sc?id=z6077595600z088f29c81dd5deb58eec549c3c857c8ez A couple of techniques there that could be adapted to anything from "web bugs" (of several degrees of intrusiveness) to "drive-by" exploits. Not for nothing do security types recommend not opening e-mails from unknown sources - and the more extreme decry the advent of the HTML e-mail back in 1999 and resolutely use only plain text mail clients (or set their mail clients to "text only") to this very day. Link to comment Share on other sites More sharing options...
Lking Posted March 21, 2015 Author Share Posted March 21, 2015 Got yet another today. they still haven't figured out how to use the web bug. Does anyone know anything about "X-Brightmail-Tracker:"? I need to do a search on that. I'm assuming that with those lines in the header when they read the spam report they could see who reported them/which list or bot sent the spam. Anyway, the dance goes on. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.