Jump to content


Photo
- - - - -

mail-noreply@google.com


  • Please log in to reply
10 replies to this topic

#1 c0r

c0r

    Hak5 Fan ++

  • Active Members
  • PipPipPipPip
  • 122 posts

Posted 01 February 2010 - 11:30 AM

I think there's some email scam goin on..

I recieved an email today from mail-noreply@google.com with a link
to add an other email alias to my gmail account.
So far as i know i didn't ask for this so beware of other mails you recieve!

c

Beware of the little china men!

#2 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,653 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 01 February 2010 - 12:30 PM

The fact that you opened it, means they may have already done what they wanted to do with sending that email. Do you view them through the browser, or port them to some pop email client? I neve ropen gmail in the browser, just for risk that something happens to find a flaw in the webmail and browser itself. If they used tracking images in the email, they may have already gotten what they wanted from the email, a response that someone opened it, and your email address is real, and now the real spam will proceed to flow to your inbox. (Although, gmail is pretty decent with controlling spam)
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#3 c0r

c0r

    Hak5 Fan ++

  • Active Members
  • PipPipPipPip
  • 122 posts

Posted 01 February 2010 - 01:18 PM

So just reading the mail could cauze spam to follow?
Hmm well i hope gmail stops them..

c

#4 shift

shift

    Hak5 Fan ++

  • Active Members
  • PipPipPipPip
  • 107 posts

Posted 01 February 2010 - 03:31 PM

Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs

#5 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,653 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 01 February 2010 - 08:36 PM

QUOTE (shift @ Mon, 01 Feb 2010 17:31:03 +0000) <{POST_SNAPBACK}>
Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs

True, they can get your IP (just tested it myself with my own gmail account using the same image trick in my hak5 profile), and if your browser sends referrer info with session data, I imagine they can get that as well, but that would depend on your browser and settings.

I often see things in my server logs from people who open emails from forwarded links which contains a referrer that includes a link to their inbox and dependign on the email system, a session key. How they can use that (or if that is even what they use), im not sure, but I'd much rather not open the emails to find out what their methods of extraction are.

If they had a system that generated a random hash in the image url and associated it with an email address, they could have a system that automates the checking, so if hash "xxx" gets viewied, it grabs the associated email and puts it in another database for found emails.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#6 shift

shift

    Hak5 Fan ++

  • Active Members
  • PipPipPipPip
  • 107 posts

Posted 01 February 2010 - 11:53 PM

Interesting concept, would be tricky put possible!

#7 pizzaguy

pizzaguy

    Hackling

  • Active Members
  • Pip
  • 14 posts

Posted 05 February 2010 - 10:58 PM

QUOTE (shift @ Mon, 01 Feb 2010 23:53:44 +0000) <{POST_SNAPBACK}>
Interesting concept, would be tricky put possible!

Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not?

#8 digip

digip

    -we're all just neophytes-

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 7,653 posts
  • Gender:Male
  • Location:RnVjayBPZmYh 192.168.100.1

Posted 05 February 2010 - 11:48 PM

QUOTE (pizzaguy @ Fri, 05 Feb 2010 23:58:51 +0000) <{POST_SNAPBACK}>
Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not?

Exactly my point. if you open an email with an image that pulls from the web, you can get their IP address, and if that image uses php and the url contains somethign relavent to the email, it just confirms their findings, all while being automated on their end, they just sit back and wait for positive replies in their database and harvest what they need.
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#9 still learning

still learning

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 179 posts

Posted 06 February 2010 - 12:31 AM

how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email?
uggc://jjj.lbhghor.pbz/jngpu?i=Ic50neBFyNL

#10 c0r

c0r

    Hak5 Fan ++

  • Active Members
  • PipPipPipPip
  • 122 posts

Posted 06 February 2010 - 09:41 AM

Well i'm still getting those mails,they haven't got what they wanted it seems..
@still learning : i think it is possible using SET ,howto prepare a exploit pdf.

c

#11 pizzaguy

pizzaguy

    Hackling

  • Active Members
  • Pip
  • 14 posts

Posted 06 February 2010 - 05:55 PM

QUOTE (still learning @ Sat, 06 Feb 2010 00:31:41 +0000) <{POST_SNAPBACK}>
how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email?

I don't believe there is any way (at least not an easy way) to encrypt functions into an image. I was talking about hot linking (and logs wouldn't even be necessary).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users