[Esa-l] Defanging of HTML mail

Brett Glass brett at lariat.org
Mon Jan 1 23:49:54 PST 2001

We just got a nasty HTML spam which contained directives
to fetch content fromt he spammer's site; it was
not fully neutralized by John's current sanitizer code. 
The source looked like this after defanging:

><title>Oldies Online Casino - Happy New Year!!!</title>
><bgsound src="http://www.oldiesonlinecasino.com/getyourbets.wav" loop="1">
><body bgcolor="#FFFFFF">
><p><font color="#000000" face="Arial, Helvetica, sans-serif" size="5">Oldies
>  Casino</font><br>
>  <font face="Arial, Helvetica, sans-serif" color="#FF0000">Would like to
>  you and your family a Happy New Year!</font><font face="Arial, Helvetica,
>  </font><a href="http://www.oldiesonlinecasino.com"><DEFANGED_IMG
>src="http://www.oldiesonlinecasino.com/img/25perbonus.gif" width="253"
>height="164" border="0"></a><br>
>  <font face="Arial, Helvetica, sans-serif" color="#FF0000">We Would also like 
>  to offer ALL NEW &amp; EXISTING Members a <br>
>  Holiday 25% Bonus<br>
>  </font><font face="Arial, Helvetica, sans-serif" color="#000000">Oldies Online 
>  Casino offers Free no download Flash Internet <br>
>  gambling, games include craps, keno, slots, video poker, <br>
>  roulette and blackjack in real time. Play for fun or cash!<br>
>  <a
>  <font size="1"><br>
>  to <a href="http://www.oldiesonlinecasino.com"><font
>  click here</font></font></p>

Note that the background sound got through.... I suspect that a
background bitmap would as well.


More information about the esd-l mailing list