Encoded message as an effective spam?

Following up on my previous post on spam, it seems that spam has now gone another step and become not just unreadable – foreign language – but also unreadable to the un-computerized eye:

Subject: Please confirm your message

Body:

IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaX
Rpb25hbC8vRU4iPg0KPEhUTUw+PEhFQUQ+DQo8TUVUQSBodHRwLWVxdWl2PUNvbnRlb
nQtVHlwZSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMiI+DQo8L0hF
QUQ+DQo8Qk9EWT48YSBocmVmPSJodHRwOi8vY291cnNlbWlnaHQuY29tLyIgdGFyZ2V0P
SjfYmxhbmsiPg0KPGltZyBzcmM9Imh0dHA6Ly9jb3Vyc2VtaWdodC5jb20vOGR2czkuanBnIiBib
3JkZXI9MCBhbHQ9IkhhdmluZyB0cm91YmxlIHZpZXdpbmcgdGhpcyBlbWFpbD8NCkNsaWNr
IGhlcmUgdG8gdmlldyBhcyBhIHdlYnBhZ2UuIj48L2E+PC9CT0RZPjwvSFRNTD57L0JBU0
U2NF9FTkNPREVEfQ0KDQoAAAAAAAAAAAAAAAA=

Wow that is nice, I would sure want to buy an IURPQ1…

This is plain silly it is a Base64 encoded message, but why would my reader open it?

There is indication in the email headers that this is Base64 encoded, but I can’t understand what kind of reader will even try to open it as it seems that base64 encode content inside a body is not common practice unless it is part of a multipart message.

Those wondering, the email’s intention is to show you an HTML  that sells you fake? real? pills.

Share
  • http://rgaucher.info romain

    I was wondering about the same thing some time ago, but I actually realized that the base64 feature is part of many SMTP implementation. If the content is base64 encoded, it will simply decode it…

    I then believe that some clients are handling this type of messages… but didn’t test further.

  • http://www.zerosource.org Zerolove

    Romain is correct. Base64 is a standard for encoding this one in particular is decoded to the following.

    [removed the HTML, no need to paste spam content]

  • http://www.BeyondSecurity.com noam

    I had not said that its not base64, or invalid base64, I was just wondering what email client supports it as Outlook (‘regular’ and Express) and Kontact/Kmail appear to not.