RE: Email webbugs

From: Andrew Kavanagh (andrewk@spray-quip.com)
Date: 08/29/01 

From: Andrew Kavanagh <andrewk@spray-quip.com>
To: <focus-ms@securityfocus.com>
Subject: RE: Email webbugs
Date: Wed, 29 Aug 2001 09:30:07 -0400
Message-ID: <EBEKIPJCIAPMGAMINGHHMEHKCOAA.andrewk@spray-quip.com>

Steganography is used for these webbugs i believe. This technology is also
used in web counters to give information to the webmaster on the type of
computers used to view the website. If the gif image is embedded in the
email, a steganography program can be used to view the script hidden within
the image which could uncover the location of the log file on the internet.
If the gif image is actually retrieved from a remote server, im pretty sure
the image can still be checked for steganography. This could possibly be
used to report spammers, hackers, etc.

Andrew Kavanagh
IT Manager
Spray-Quip Ltd.

-----Original Message-----
From: Brian Rea [mailto:brea@physiometrics.net]
Sent: Monday, August 27, 2001 3:18 PM
To: Tracy Martin; focus-ms@securityfocus.com
Subject: Re: Email webbugs

> Set up a rule/filter to send any HTML or mixed mode messages to a special
> folder. Temporarily disconnect from the Internet (either by actually
> disconnecting or by playing with the Gateway setting for TCP/IP so it
can't
> find it's way out), then read the messages. Since Outlook/OE can't find
the
> Internet, it can't send the requests, and nothing gets logged.

another solution would be to configure your firewall to disallow port 80
access to msimn.exe or outlook.exe, etc, provided your firewall can be
configured with application-specific permissions.

also, the WebWasher local proxy (www.webwasher.com) has a web bug filter
(along with tons of other great features) and since it proxy's the MSIE
browser, it affects the MS email clients, as well... since they gain their
connectivity through MSIE.

- Dixieland