Spam and Viruses: Unholy Matrimony, Part 2 - Page 2

 By Carla Schroder

How to Find Malicious Code

Studying a spam or virus message in plain text is a fascinating exercise in misplaced ingenuity. (If only that energy were devoted to good and useful activities!) Be sure to read suspect HTML messages in plain text only! A rich source of spam messages to study is the Usenet group news.admin.net-abuse.sightings.

Web Bugs
A person can spend a lot of time looking for Web Bugs, as they are sneaky little buggers. Here's one example from The Privacy Foundation:

<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
<IMG SRC="http://email.bn.com/cgi-bin/flosensing?x=ABYoAEhouX">

A Web bug is typically a transparent 1-pixel by 1-pixel .gif loaded from a remote URL. Web bugs confirm your email address to the sender, use cookies and third-party servers to track and record your movements, and build a profile of your surfing activities.

Making matters worse, if you happen to enter personally identifiable information on any of the co-conspirator sites, all of them will be able to link your activities to your name. There is some debate about whether Web bugs are evil, but anything that is so sneaky is highly suspect to me. I've yet to see any disclosure on sites that use these, and of course spammers aren't going to say anything.
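To spot the pattern in the Privacy Foundation sample without rendering the message, the HTML can be parsed and every remote image checked for the traits described above. This is an added example, not code from the article: the function name, the heuristics (1x1 size, an email address or other token in the query string) and the banner image are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# The article's two sample tags (line-wrap spaces removed), followed by one
# constructed ordinary banner image for contrast.
SAMPLE = (
    "<img width='1' height='1' src=\"http://www.m0.net/m/logopen02.asp?"
    "vid=3&catid=370153037&email=SMITHS%40tiac.net\" alt=\" \">"
    "<IMG SRC=\"http://email.bn.com/cgi-bin/flosensing?x=ABYoAEhouX\">"
    "<img src=\"http://www.example.com/banner.gif\" width=\"468\" height=\"60\">"
)
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


class WebBugFinder(HTMLParser):
    """Collects (src, reasons) for <img> tags that look like Web bugs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":  # the parser lower-cases tag and attribute names
            return
        a = {name: (value or "").strip() for name, value in attrs}
        src = a.get("src", "")
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            return  # only remotely fetched images report back to a server
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("1x1 image")
        params = parse_qsl(parts.query, keep_blank_values=True)  # decodes %40
        if any(EMAIL_RE.fullmatch(value) for _, value in params):
            reasons.append("recipient address in query string")
        elif params:
            reasons.append("query string on image URL (possible tracking token)")
        if reasons:
            self.findings.append((src, reasons))


def find_web_bugs(html):
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE):
        print(src, "->", "; ".join(reasons))
```

The second sample tag has no size attributes and no address, so only the opaque query token gives it away; a size check alone would miss it.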

Decoding Malicious HTML
Much of what you see is an attempt to evade spam filters by breaking up key words with HTML tags and comments. Newer spam filters are not fooled.