mrme Posted February 17, 2004 Share Posted February 17, 2004 I'm not a paying user, and I don't know if there is a better place to share this information, but I thought the following might be useful to the SpamCop team. Here is an excerpt from a spam I received that contained URLs that the SpamCop reporter page did not see: <button onclick="location.href=unescape('http://www.JobOffer.com%01[at]vilrokman.com.ru ');" style="font: 8pt verdana, sans-serif;"> summary</button> .We necessarily shall answer to you. <HTML> <font face="System"> <object style="display: none; " data="http://www.vilrokman.com.ru/2.php"> </object> The spam was HTML-only, there was no ASCII part. Note that the first URL takes advantage of a bug that causes some browsers to hide parts of a URL that follows %01. I can see why ScamCop might not want or be able to deobfuscate java scri_pt commands such as the one in the first URL, but it seems like the <object> tag surrounding the second URL should be parsed. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.