Damian Hess
This problem is pretty interesting. It is some kind of exploit
allowing a spammer to subvert all possible Outlook mail guards. Read
carefully for a complete description.
I am using Outlook 2003 with the junk filter at its high setting. It
is catching all but a few of the 200 or so that come in each day. About
three times a day, this one piece of spam slips through, always with
the same text. It is selling Super [misspelled hardening pill brand
name] and blah blah blah. Anyway, since it's always the same I thought
I'd add a simple rule to delete it...
Filters (rules) do not seem to be able to parse its text. The filter's
only condition is that "Viarga" be in the body of the email. The
filter can't find this email in my inbox, neither when it's incoming
nor when I hit the Run this filter now button in the Rules & Alerts
management window.
So I tried to search for it. Note that as A MIGHTY POWER USER I can
successfully find any other mail in the inbox using Outlook's Find
function and searching for body text. But the find does not list this
piece of spam, no matter what word from its text I search for.
There are no funky frames or CSS in the source of the email. Nothing
in the headers looks weird to me. How have they engineered this email
that is plain to see yet invisible to the forces of Outlook?
If I forward it to myself, Find is able to locate the forwarded mail.
AND! If I drag it to the desktop (creating a .msg file) then drag it
back into my Outlook inbox, I will have two copies of the message --
the original is still invisible to Find but the twice-dragged version
is not! Both original and dragged versions produce identical .txt
files when I select "view source."
I have posted it here, but note that this is a .msg file which I
dragged out of Outlook, so its magic stealthiness is already cured:
http://suchascream.net/weirdoutlookspam/
Also posted there: the result of telling Outlook to save as html and
txt.
Anyway it's not like my finger is broken (I can just delete things at
will) but I'm super curious about this stealth email technique and
scared of villains so if you have some understanding of these things
please post a reply.
Thanks
dh
ps I did not click the links to whatever-that-is.com