mrme Posted February 17, 2004 Posted February 17, 2004 I'm not a paying user, and I don't know if there is a better place to share this information, but I thought the following might be useful to the SpamCop team. Here is an excerpt from a spam I received that contained URLs that the SpamCop reporter page did not see: <button onclick="location.href=unescape('http://www.JobOffer.com%01[at]vilrokman.com.ru ');" style="font: 8pt verdana, sans-serif;"> summary</button> .We necessarily shall answer to you. <HTML> <font face="System"> <object style="display: none; " data="http://www.vilrokman.com.ru/2.php"> </object> The spam was HTML-only, there was no ASCII part. Note that the first URL takes advantage of a bug that causes some browsers to hide parts of a URL that follows %01. I can see why ScamCop might not want or be able to deobfuscate java scri_pt commands such as the one in the first URL, but it seems like the <object> tag surrounding the second URL should be parsed.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.