Jump to content

URL missed by scanner


mrme

Recommended Posts

I'm not a paying user, and I don't know if there is a better place to share this information, but I thought the following might be useful to the SpamCop team.

Here is an excerpt from a spam I received that contained URLs that the SpamCop reporter page did not see:

<button

onclick="location.href=unescape('http://www.JobOffer.com%01[at]vilrokman.com.ru

');" style="font: 8pt verdana, sans-serif;">

summary</button>

.We necessarily shall answer to you.

<HTML> <font face="System"> <object style="display: none; "

data="http://www.vilrokman.com.ru/2.php">

</object>

The spam was HTML-only, there was no ASCII part. Note that the first URL takes advantage of a bug that causes some browsers to hide parts of a URL that follows %01. I can see why ScamCop might not want or be able to deobfuscate java scri_pt commands such as the one in the first URL, but it seems like the <object> tag surrounding the second URL should be parsed.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...