Security Information Vulnerability Research Security Blog

Encoded message as an effective spam?

December 29th, 2008 by noam, Filed under: Commentary, Spam

Following up on my previous post on spam, it seems that spam has now gone another step and become not just unreadable - foreign language - but also unreadable to the un-computerized eye:

Subject: Please confirm your message

Body:

IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaX
Rpb25hbC8vRU4iPg0KPEhUTUw+PEhFQUQ+DQo8TUVUQSBodHRwLWVxdWl2PUNvbnRlb
nQtVHlwZSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMiI+DQo8L0hF
QUQ+DQo8Qk9EWT48YSBocmVmPSJodHRwOi8vY291cnNlbWlnaHQuY29tLyIgdGFyZ2V0P
SjfYmxhbmsiPg0KPGltZyBzcmM9Imh0dHA6Ly9jb3Vyc2VtaWdodC5jb20vOGR2czkuanBnIiBib
3JkZXI9MCBhbHQ9IkhhdmluZyB0cm91YmxlIHZpZXdpbmcgdGhpcyBlbWFpbD8NCkNsaWNr
IGhlcmUgdG8gdmlldyBhcyBhIHdlYnBhZ2UuIj48L2E+PC9CT0RZPjwvSFRNTD57L0JBU0
U2NF9FTkNPREVEfQ0KDQoAAAAAAAAAAAAAAAA=

Wow that is nice, I would sure want to buy an IURPQ1…

This is plain silly it is a Base64 encoded message, but why would my reader open it?

There is indication in the email headers that this is Base64 encoded, but I can’t understand what kind of reader will even try to open it as it seems that base64 encode content inside a body is not common practice unless it is part of a multipart message.

Those wondering, the email’s intention is to show you an HTML  that sells you fake? real? pills.

DiggRedditSlashdotTwitThisSphinnStumbleUpondel.icio.usFacebookGoogleTechnoratiE-mail this story to a friend!

-

Is your site safe from SQL Injection? Website Security Audit is the way to protect your network!

3 Comments:

  1. romain, on December 29th, 2008 at 12:14 pm Said:

    I was wondering about the same thing some time ago, but I actually realized that the base64 feature is part of many SMTP implementation. If the content is base64 encoded, it will simply decode it…

    I then believe that some clients are handling this type of messages… but didn’t test further.

  2. Zerolove, on December 30th, 2008 at 4:25 pm Said:

    Romain is correct. Base64 is a standard for encoding this one in particular is decoded to the following.

    [removed the HTML, no need to paste spam content]

  3. noam, on December 30th, 2008 at 8:25 pm Said:

    I had not said that its not base64, or invalid base64, I was just wondering what email client supports it as Outlook (’regular’ and Express) and Kontact/Kmail appear to not.

Leave a Comment

Security RSS Subscribe


Vulnerability Scanner