Amongst my SPAM I was wondering what is achieved by the following web
link (i.e what is the purpose of the "C4@" section)

http://(E-Mail Removed)/ruben

Your web browser ignores anything between the http:// and
the @ sign. Often its used to confuse people, such as in
a recent spam:

http://(E-Mail Removed)/index.htm

It appears that its a 'yourbank' site, but in fact that
part is ignored, so you can be duped into giving your info
out at a spoof site. Not a clue why they'd bothere just
putting C4 in though. Maybe trying to be channel 4?

Chris

>-----Original Message-----
>Amongst my SPAM I was wondering what is achieved by the
following web
>link (i.e what is the purpose of the "C4@" section)
>
>http://(E-Mail Removed)/ruben
>
>.
>

Thanks didn't know it was just ignored. Is there a more appropriate
newsgroup to post more SPAM related questions?

(E-Mail Removed) wrote:

> Your web browser ignores anything between the http:// and
> the @ sign. Often its used to confuse people, such as in
> a recent spam:
>
> http://(E-Mail Removed)/index.htm
>
> It appears that its a 'yourbank' site, but in fact that
> part is ignored, so you can be duped into giving your info
> out at a spoof site. Not a clue why they'd bothere just
> putting C4 in though. Maybe trying to be channel 4?
>
> Chris
>
>
>>-----Original Message-----
>>Amongst my SPAM I was wondering what is achieved by the
>
> following web
>
>>link (i.e what is the purpose of the "C4@" section)
>>
>>http://(E-Mail Removed)/ruben
>>
>>.
>>

Mo <(E-Mail Removed)> wrote:
> Amongst my SPAM I was wondering what is achieved by the following web
> link (i.e what is the purpose of the "C4@" section)

> http://(E-Mail Removed)/ruben

A URL can contain a username and password in a construction which looks
like this: http://username(E-Mail Removed). The browser ignores
everything following the "//" up through the "@". "Username" and
"password" are used to fill in the Network Password box presented when a
page requires the user to log in. If login is not required, the entries
may be ignored or used for other purposes. In your example, "C4" looks
like a username, but could have some special meaning to the target site.

--
Gary L. Smith (E-Mail Removed)
Columbus, Ohio

On Thu, 30 Oct 2003 15:22:23 +0000,"Mo" posted ...

>Thanks didn't know it was just ignored. Is there a more appropriate
>newsgroup to post more SPAM related questions?

Steve Gibson of http://grc.com/intro.htm maintains some newsgroups at
<news.grc.com> and among the newsgroups are "grc.spam" & "grc.spam.news"
Other newsgroups cover security and privacy issues etc.

If you visit http://grc.com/nntpquickref.htm you will get a background
of the topics GRC covers.
--

Chris Bee

> but could have some special meaning to the target site.

Stressing the "could have special meaning". One could write a script to
spam a mail list or scan a SMTP server and generating these addresses. Some
HTTP server on the site can decode the info back into your mail address so
one would build a list of valid addresses.

Also, any info can be encoded there so when you visit the site, info would
be submitted. It cannot get hold of -say- your list of ports because it
doesn't run code on the local machine but it can have all the abilities of a
cookie. Actually, it's equivalent to a "submit" with no input from a user.
The only use that comes to my mind now is validating addresses.

I also had some trouble with a pre-padded "C4A" or similar related to a
worm that sent mail to address book. It pre-padded this string for some
reason. I see no use for such padding in the attacker view but it did help
me re-route all addresses beginning with that string to a phantom account.

--
Andrei "Ndi" Dobrin
Brainbench MVP
www.Brainbench.com