[vox-tech] one of the most pernicious spams i've ever seen.

R. Douglas Barbieri vox-tech@lists.lugod.org
Thu, 25 Sep 2003 09:47:00 -0700


--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 25, 2003 at 06:30:32AM -0700, p@dirac.org wrote:
> http://www.citibank.com:ac=3DVybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT=
/3/?IYTEw
> 4eVTtbH1w6CpDrT

This has me flabbergasted. I bet this trick worked very well for the
scammers. I mean, even though the email is amateurish, the web page
looks totally legit. I tested this out in konqueror; hovering over any
link on the page shows that it would be redirected through PsSeM.NeT.

I remember seeing something like this during the dot bomb. There was a
website called something like safeweb.com (I can't remember the actual
name, it's on the tip of my tounge). The idea was for you to be able to
surf the web using https--the https server would "wrap" all of the
target links on a page before serving it to your browser via https--I
guess a kind of web tunneling.

--=20
R. Douglas Barbieri
doug@dooglio.net
http://www.dooglio.net

vi: "The way God meant for man to edit text files..."

GPG Fingerprint: FE6A 6A57 2B95 7594 E534  BFEE 45F1 9E5E F30A 8A27
GPG Public key : http://www.dooglio.net/dooglio.asc

--/04w6evG8XlLl3ft
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQCVAwUBP3McBEXxnl7zCoonAQL+uAP/aTLahHe0PF8et+dAfnv4rnNFCkzJz9M5
UK9kbyiyXjRq4GEpMmeHwvx5xm9URUZEoKOe43hm2xlSiYr4m2YU07hPvEjQ8Qrz
QysrOaa7nH/0UUoFcxXJ8CJa+/0vUCFs6s9muGkKDpGVp3kuYbhBOh8dgPpUJHX9
9/qoNzTfBI8=
=OcT9
-----END PGP SIGNATURE-----

--/04w6evG8XlLl3ft--