c0r Posted February 1, 2010 Posted February 1, 2010 I think there's some email scam goin on.. I recieved an email today from mail-noreply@google.com with a link to add an other email alias to my gmail account. So far as i know i didn't ask for this so beware of other mails you recieve! c Beware of the little china men! Quote
digip Posted February 1, 2010 Posted February 1, 2010 The fact that you opened it, means they may have already done what they wanted to do with sending that email. Do you view them through the browser, or port them to some pop email client? I neve ropen gmail in the browser, just for risk that something happens to find a flaw in the webmail and browser itself. If they used tracking images in the email, they may have already gotten what they wanted from the email, a response that someone opened it, and your email address is real, and now the real spam will proceed to flow to your inbox. (Although, gmail is pretty decent with controlling spam) Quote
c0r Posted February 1, 2010 Author Posted February 1, 2010 So just reading the mail could cauze spam to follow? Hmm well i hope gmail stops them.. c Quote
shift Posted February 1, 2010 Posted February 1, 2010 Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs Quote
digip Posted February 2, 2010 Posted February 2, 2010 Image tracking? You could tell what ip it came form but how would one know which email it was associated with, if it was a one time thing yes, but spammers do massive bulk send outs True, they can get your IP (just tested it myself with my own gmail account using the same image trick in my hak5 profile), and if your browser sends referrer info with session data, I imagine they can get that as well, but that would depend on your browser and settings. I often see things in my server logs from people who open emails from forwarded links which contains a referrer that includes a link to their inbox and dependign on the email system, a session key. How they can use that (or if that is even what they use), im not sure, but I'd much rather not open the emails to find out what their methods of extraction are. If they had a system that generated a random hash in the image url and associated it with an email address, they could have a system that automates the checking, so if hash "xxx" gets viewied, it grabs the associated email and puts it in another database for found emails. Quote
shift Posted February 2, 2010 Posted February 2, 2010 Interesting concept, would be tricky put possible! Quote
pizzaguy Posted February 6, 2010 Posted February 6, 2010 Interesting concept, would be tricky put possible! Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not? Quote
digip Posted February 6, 2010 Posted February 6, 2010 Actually, unless I'm missing something, it could be fairly simple. All it would take, I believe, is some simple PHP (and optionally an SQL database). The tracking itself could run from a lone PHP file with nothing else, because I don't think a hash would even be necessary. (forgive me if I'm wrong and this triggers spam or filters) but people could simply embed an image "example.com/images.php?id=your_email", could they not? Exactly my point. if you open an email with an image that pulls from the web, you can get their IP address, and if that image uses php and the url contains somethign relavent to the email, it just confirms their findings, all while being automated on their end, they just sit back and wait for positive replies in their database and harvest what they need. Quote
still learning Posted February 6, 2010 Posted February 6, 2010 how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email? Quote
c0r Posted February 6, 2010 Author Posted February 6, 2010 Well i'm still getting those mails,they haven't got what they wanted it seems.. @still learning : i think it is possible using SET ,howto prepare a exploit pdf. c Quote
pizzaguy Posted February 6, 2010 Posted February 6, 2010 how do you encrypt a image with functions to send you back information? (also how do you with a .pdf) or are you talking about hot linking, where someone puts your image on their site and do a [ img ] or < img src =" type thingy and you see in your logs that someone is using alot of your bandwith by hotlinking your images to their site or via email? I don't believe there is any way (at least not an easy way) to encrypt functions into an image. I was talking about hot linking (and logs wouldn't even be necessary). Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.