[vox-tech] OT: one of the most pernicious spams i've everseen.

Donald Childs vox-tech@lists.lugod.org
Fri, 26 Sep 2003 15:27:30 -0700


I believe they shut the scam down some time after noon, pst yesterday.

> -----Original Message-----
> From: vox-tech-admin@lists.lugod.org
> [mailto:vox-tech-admin@lists.lugod.org]On Behalf Of Tim Riley
> Sent: Friday, September 26, 2003 2:32 PM
> To: vox-tech@lists.lugod.org
> Subject: Re: [vox-tech] OT: one of the most pernicious spams i've
> everseen.
>
>
>
>
> Larry Ozeran wrote:
>
> > FWIW I tried to go to the "unencoded" address below and
> Netscape fails the
> > DNS lookup, so that browser doesn't do translation.
> >
> > Also, it looks like somebody has been listening. I tried to go the the
> > bogus site just now and received a "document not found" in Russian and
> > English.
>
> I get this too. Also, I received a reply from a Netnation manager
> saying that he's looking into the matter that the account/pin
> posts to their
> server.
>
> >
> >
> > - Larry
> >
> > At 10:39 PM 9/25/03 -0700, you wrote:
> > >
> > >On 2003.09.25 21:53, Rob Rogers wrote:
> > >> On Thu, Sep 25, 2003 at 20:00:51PM -0700, Mitch Patenaude wrote:
> > >> Sorry. I was thinking back to my earlier email where I was discussing
> > >> encoding a domain name to look innocuous. Here was my example:
> > >>
> > >>
http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54
> >>
> >> which unencoded becomes http://www.citibank.com.a3ksd.PiSeM.NeT
> >> (using the actual base domain from the original email)
> >>
> >>  This much your browser would have to decode to do a DNS lookup, and
> >> I've  never seen a browser show it encoded. Whether or not it sends
> >> it  encoded  in the referer, I can't speak with any authority, but I
> >> highly doubt  it  does. As for anything after the servername and/or
> >> port #, I realize  it  does send that encoded. I appologize for not
> >> making myself clear at  first.
> >
> >The browser doesn't decode this anywhere. If you try to connect to
> >http://%61mazon.com/ that's exactly what it will try to look up the IP
> >address for so that it can connect. Not "amazon.com". %encoding is just
> >a clever hack to send data to a server, not an "official" alternate way
> >of specifying the location of a document.
> >
> >--
> >I usually have a GPG digital signature included as an attachment.
> >See http://www.gnupg.org/ for info about these digital signatures.
> >My key was last signed 6/10/2003. If you use GPG, *please* see me about
> >signing the key. ***** My computer can't give you viruses by email. ***
> >
> >Attachment Converted: "e:\eudora\attach\Re [vox-tech] OT one of the m1"
> >
>
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech