[Mimedefang] Interesting twist of spam
Dave Williss
dwilliss at microimages.com
Wed Oct 16 10:30:01 EDT 2002
I got some spam/virus today that got past Mimedefang in
an interesting way.
Outlook Express didn't show it as having any attachments,
but it did.
Two of the parts were messages saying that the KLEZ virus
had been detected and by a server at gwu.edu (the message
seemed to have originated from there).
The next section contained HTML containing an iframe.
The iframe had
iframe src=cid:H424l108n150zTlbl height=0 width=0
Then the following attachment...
--Boundary_(ID_gaWXt5qtYHAvWlceGP55mQ)
Content-id: <H424l108n150zTlbl>
Content-type: application/octet-stream; name=version.txt
Content-disposition: attachment; filename=version.txt
Content-transfer-encoding: base64
(A base-64 encoded stream followed)
When I opened the email, it popped up a browser window
which contained the final attachment. This worries me.
-- Dave Williss
------
Meddle not in the affairs of dragons,
for you are crunchy and taste good with catsup
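
A check for the pattern described in this message, as an added example that is not part of the original post and is not a MIMEDefang filter: it lists the MIME parts that an HTML iframe loads through a cid: URL, so a filter can see their real content type and filename. The sample message is constructed from the headers quoted above with a made-up boundary and payload, and the function name is hypothetical.

```python
import re
from email import message_from_string
from urllib.parse import unquote

# Constructed sample modelled on the headers quoted in the post; the boundary
# and the base64 payload are made up for this example.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body><iframe src=cid:H424l108n150zTlbl height=0 width=0></iframe></body></html>
--b1
Content-ID: <H424l108n150zTlbl>
Content-Type: application/octet-stream; name=version.txt
Content-Disposition: attachment; filename=version.txt
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGF5bG9hZA==
--b1--
"""

# src=cid:... inside an <iframe> tag, with or without quotes around the value
IFRAME_CID = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

def iframe_cid_targets(raw):
    """Return (content_id, content_type, filename) for every part that an
    HTML iframe in the same message references through a cid: URL."""
    msg = message_from_string(raw)
    wanted, by_cid = set(), {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = part.get("Content-ID")
        if cid:
            by_cid[cid.strip().strip("<>")] = part
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            # latin-1 never fails to decode; the tokens matched are ASCII
            html = body.decode("latin-1")
            wanted.update(unquote(c) for c in IFRAME_CID.findall(html))
    # Resolve after the walk so the HTML part may come before or after its target
    return [(cid, by_cid[cid].get_content_type(), by_cid[cid].get_filename())
            for cid in sorted(wanted) if cid in by_cid]
```

A mail filter could treat any result whose content type is not an image or text type as grounds to quarantine the message or strip the part.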