Uli's Web Site
[ Zathras.de - Uli's Web Site ]
Other Sites: Stories
Abi 2000
Stargate: Resurgence
Lost? Site Map!
     home | blog | moose | programming | articles >> blog

 Blog Topics

15 Most Recent [RSS]

 Less work through Xcode and shell scripts
2011-12-16 @600
 iTunesCantComplain released
2011-10-28 @954
 Dennis Ritchie deceased
2011-10-13 @359
 Thank you, Steve.
2011-10-06 @374
 Cocoa Text System everywhere...
2011-03-27 @788
 Blog migration
2011-01-29 @520
 All you need to know about the Mac keyboard
2010-08-09 @488
 Review: Sherlock
2010-07-31 @978
 Playing with Objective C on Debian
2010-05-08 @456
 Fruit vs. Obst
2010-05-08 @439
 Mixed-language ambiguity
2010-04-15 @994
 Uli's 12:07 AM Law
2010-04-12 @881
 Uli's 1:24 AM Law
2010-04-12 @874
 Uli's 6:28 AM Law
2010-04-12 @869
 Uli's 3:57 PM Law
2010-04-12 @867


Use of CSS in spam mails...

I just got an interesting spam message. It's an HTML e-mail that uses the CSS "float" property to encode its spam. Essentially, the text of the message is written like:
B<span style="float: right">!</span>U<span style="float: right">l</span>Y
<span style="float: right">i</span> <span style="float: right">a</span>M
<span style="float: right">m</span>O<span style="float: right">-</span>R
<span style="float: right">e</span>E<span style="float: right">&nbsp;
</span> <span style="float: right">k</span>B<span style="float: right">n</span>E
<span style="float: right">u</span>E<span style="float: right">j</span>R!

Yes, you saw that right: This is two sentences intermingled by alternating characters from both messages and writing one backwards, then styling the backwards sentence's characters as float: right. The end result looks like the following:
B!UlYi aMmO-ReE  kBnEuEjR!

Anyone know whether there's a spam filter yet that can decode that and detect it as the text it actually contains?

Reader Comments: (RSS Feed)
Ruth Less writes:
You don't need to decode it. Just assume that someone who tags texts character-wise must have some fishy buisiness going on! Same as with setting the text color to the background color or using an above-avarage number of punctuation in HTML/text. Real people don't do that...
Justin writes:
I found the same thing today - I couldn't believe some ph4rma-spam made it to my inbox. I think Ruth has a good point - this much HTML for so few regular characters should raise a red flag.
Or E-Mail Uli privately.

Created: 2006-03-04 @190 Last change: 2024-04-16 @396 | Home | Admin | Edit
© Copyright 2003-2024 by M. Uli Kusterer, all rights reserved.