Phishing net getting confused
John Wilcock
john at tradoc.fr
Tue Jul 17 16:28:18 IST 2007
I think I've uncovered a buglet in the phishing net code (MailScanner
version 4.61.7).
Given the following snippet (this was an outgoing message, quoting an
original that included the hotbar link; the moz-do-not-send bits weren't
in that original and seem to be generated by Thunderbird):
> <a moz-do-not-send="true"
> href="http://promos.hotbar.com/promos/promodll.dll?RunPromo&El=&SG=&
> ;RAND=16236&partner=hbtools"><img
> moz-do-not-send="true" title="" alt="Upgrade Your Email - Click here!"
> src="http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&
> RAND=16236&partner=hbtools&/p.gif"
> border="0"></a>
Mailscanner's phishing net detected this as follows:
> MailScanner[12590]: Found phishing fraud from promos.hotbar.com
> claiming to be
> www.<imgmoz-do-not-send="true"title=""alt="upgradeyouremail-clickhere!"src="http
> in 6F13B8053.635D4
Clearly the moz-do-not-send is causing a problem, since the original
message without those tags correctly passed through the net undetected.
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
More information about the MailScanner
mailing list