Tommy Posted June 1, 2005 Posted June 1, 2005 Please forgive me if this has been discussed recently -- I don't see any likely topic titles, but I admit I haven't read the forums in months. 99% of my spam I quick-report, but for special cases such as phishing attempts I often use the "report spam" form and add a note saying something like "forged phishing spam targeting bank customers." Today I got this one and ALMOST couldn't file the reports: http://www.spamcop.net/sc?id=z770232735zb7...28c4037e24bb17z For some reason, the first three times I tried to display the report, the browser window redirected from spamcop to the fake bank site! I'm not quite sure how this could happen -- maybe a bug in the browser made it interpret the text on the page as a legitimate scri_pt ? I'm mentioning this because it might also indicate a problem with the spamcop processing code. I WAS finally able to display the report page, and I manually added the reporting addresses of the actual bank and the hosting company of the fake site. So maybe it was just a fluke. My favorite excuses are sun spots and cosmic radiation.) ;-) I'm running Firefox 1.0.4 on Debian PowerPC ("testing"). I'm also a spamcop mail customer but I don't think this has anything to do with it.
Wazoo Posted June 1, 2005 Posted June 1, 2005 There is no 'live' code in your sample. There is no way for the SpamCop web-page form to "just go off" as it's there only to accept your pasted-on text, wait for your click on the Submit button, then feed that text to the parser ... there is nothing 'live' there either. You mention using FireFox on Debian but make no mention of an e-mail applicatin involved. Anyway, from what I see of your sample, there is no way that things would fire off by themselves. I'd suggest it would be more likely to be something to do with "focus" and mouse/touchpad sensitivities as compared t a 'code' issue.
Tommy Posted June 1, 2005 Author Posted June 1, 2005 No email application involved in that part -- I use Thunderbird but it never touched that message. I also didn't paste the message -- it came from the held mail list via the "Queue for reporting (and move to trash)" option and clicking the Release/Delete button. It's pretty strange to me, too -- I really don't know how it happened, and it's the only message this has ever happened on. However, since I only upgraded to v1.0.4 of Firefox a few days ago so I was wondering if there's any way it somehow saw the escaped URL and acted upon it as if it were a scri_pt, but I don't see how. I do have some Firefox extensions like scriptmonkey installed (but never activated) so if I see it again I may see if it's one of those.
Merlyn Posted June 1, 2005 Posted June 1, 2005 Yes, please post if it happens again. This is interesting to say the least.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.