Archived

This topic is now archived and is closed to further replies.

c0r

mail-noreply@google.com

11 posts in this topic

I think there's some email scam goin on..

I recieved an email today from mail-noreply@google.com with a link

to add an other email alias to my gmail account.

So far as i know i didn't ask for this so beware of other mails you recieve!

c

Beware of the little china men!

0

Share this post


Link to post
Share on other sites

The fact that you opened it, means they may have already done what they wanted to do with sending that email. Do you view them through the browser, or port them to some pop email client? I neve ropen gmail in the browser, just for risk that something happens to find a flaw in the webmail and browser itself. If they used tracking images in the email, they may have already gotten what they wanted from the email, a response that someone opened it, and your email address is real, and now the real spam will proceed to flow to your inbox. (Although, gmail is pretty decent with controlling spam)

0

Share this post


Link to post
Share on other sites

So just reading the mail could cauze spam to follow?

Hmm well i hope gmail stops them..

c

0

Share this post


Link to post
Share on other sites

Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs

0

Share this post


Link to post
Share on other sites
Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs

True, they can get your IP (just tested it myself with my own gmail account using the same image trick in my hak5 profile), and if your browser sends referrer info with session data, I imagine they can get that as well, but that would depend on your browser and settings.

I often see things in my server logs from people who open emails from forwarded links which contains a referrer that includes a link to their inbox and dependign on the email system, a session key. How they can use that (or if that is even what they use), im not sure, but I'd much rather not open the emails to find out what their methods of extraction are.

If they had a system that generated a random hash in the image url and associated it with an email address, they could have a system that automates the checking, so if hash "xxx" gets viewied, it grabs the associated email and puts it in another database for found emails.

0

Share this post


Link to post
Share on other sites
Interesting concept, would be tricky put possible!

Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not?

0

Share this post


Link to post
Share on other sites
Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not?

Exactly my point. if you open an email with an image that pulls from the web, you can get their IP address, and if that image uses php and the url contains somethign relavent to the email, it just confirms their findings, all while being automated on their end, they just sit back and wait for positive replies in their database and harvest what they need.

0

Share this post


Link to post
Share on other sites

how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email?

0

Share this post


Link to post
Share on other sites

Well i'm still getting those mails,they haven't got what they wanted it seems..

@still learning : i think it is possible using SET ,howto prepare a exploit pdf.

c

0

Share this post


Link to post
Share on other sites
how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email?

I don't believe there is any way (at least not an easy way) to encrypt functions into an image. I was talking about hot linking (and logs wouldn't even be necessary).

0

Share this post


Link to post
Share on other sites