Member, We must check that your ID was registered by real people. So, to help prevent automated, registrations, please click on this link and complete code verification process." The link is, of course, hidden in the HTML and the displayed one is different from where the user will go when they click the link. All of these e-mails use Google redirector techniques in order to defeat SURBL (Spam URI Realtime Blocklists). Some of the e-mails we saw also use multiple redirectors in order to defeat Google's anti-redirector script." />

Strange phishing/spam e-mails - SANS


We received couple of reports of very strange phishing/spam e-mails. They all share obfuscated text which is shown properly when rendered as a HTML. In the body of the e-mail the text is always similar to:

"Dear Member,

We must check that your ID was registered by real people. So, to help prevent automated, registrations, please click on this link and complete code verification process." The link is, of course, hidden in the HTML and the displayed one is different from where the user will go when they click the link.

All of these e-mails use Google redirector techniques in order to defeat SURBL (Spam URI Realtime Blocklists). Some of the e-mails we saw also use multiple redirectors in order to defeat Google's anti-redirector script. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Monday, 14th November 2005 11:36AM