[Mimedefang] New way of obfuscating text
Jim McCullars
jim at info.uah.edu
Tue Feb 10 13:58:11 EST 2004
I've just noticed this in the past couple of days - it seems that spammers
have come up with a new way of obfuscating text. They give it a font size
so small that graphical-based email clients basically don't show it. I
noticed reading in Pine that the old "As seen on Oprah..." spams were
showing up again, but the line would look something like, "Ass sesen on
NsBsC...". Then I got one on an account I use Eudora with, and the text
looked like what I thought I had blocked. Well, the text that I see in
Pine is actually in Eudora also, but they will obfuscate a letter by doing
this:
<font style="font-size: 1;">s
which makes that "s" basically invisible. Can anyone think of a valid
reason for setting a font size of 1? I am thinking of a SA rule like:
rawbody UAH_SMALL_FONT /<font\s+style=\"font-size:\s+1;/i
describe UAH_SMALL_FONT Unreadable font size
score UAH_SMALL_FONT 8.0
I don't generally like assigning such large scores to a single rule,
but these spams otherwise score very low. Thoughts? TIA...
Jim McCullars
University of Alabama in Huntsville
More information about the MIMEDefang
mailing list