Jump to content

Obfustacated or encrypted email headers.


flagginator

Recommended Posts

Tracking URL? You say "headers" but only include some sort of snippet of code, and from what's offered as a sample, there's no way it could have traversed any e-mail system ... you're going to have to sort out something first to at least get the data used to actually "send" that e-mail. That it's a virus-laden thing has its own problems and issues.

Link to comment
Share on other sites

I'm on it. In the meantime I figured out those headers are generated by Norton Anti-Virus when it deletes the virus. I'll have to turn off Delete so I can view an original header.

And, to clarify, each message is different, but always signed "Pamela M." within the body;

The subject line is always "Merry Christmas!"

All include the same little pac-man humping animated .gif in the body;

The message between the * and the * changes with each one.

All are addressed to a different email address within the domain.

Here's the munged body of one of the five hundred I've received so far today:

>>>>

* Happy.... ....Hollydays! *

:) Pamela M.

___________________________________________________________________

http://[mydomainname].com/link.postcard.christmas.index.jpg7422 - Picture Size: 11 KB, Mail: +OK

<<<<

Link to comment
Share on other sites

I'm on it. In the meantime I figured out those headers are generated by Norton Anti-Virus when it deletes the virus. I'll have to turn off Delete so I can view an original header.

Gotta love it when the tools get in the way <g>

I just came from a highly-recommended web-site (from a brother, so one would have to believe the recommendation <g>) ... I've got no idea as to the "worthiness" of the site .... three frames, all 404 ... icons blank, three attempts at firing up some ActiveX crap ... I've no doubt that the problem is my security settings, but am just a bit blown away after spending several hours a couple of days ago cleaning his system up from all the "interesting garbage" collected on that system ...

And, to clarify, each message is different, but always signed "Pamela M." within the body;

The subject line is always "Merry Christmas!"

All include the same little pac-man humping animated .gif in the body;

The message between the * and the * changes with each one.

All are addressed to a different email address within the domain.

Yeah, but I know that you know that what's important is the source of all these fine items <g>

Link to comment
Share on other sites

And for those that check in later .. here's what I think happened here ...

flagginator posted a block of stuff.

Merlyn grabbed that block and ran it through a Base-64 decoder, posted the resulting text output

flagginator asked that Merlyn's post be edited or deleted ... also editing the previous block of stuff in the first post

Merlyn apparently deleted the de-coded posting

Notes then compared on what tool did the de-coding.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...