Guest guest
Posted March 17, 2008

Hi All

The previous post from Greg Greer (Re: Seeing Other Points of View) appears to have come with attachments. The attachment icons appear at the very end of a very long, unedited post (one of the dangers of not editing out old posts ... sorry Greg!) Greg, did you send attachments with this post?

Other posts may have attachments in them as well, I have not read them all yet, and again I caution folks against opening them unless the sender says "I am sending an attachment" and you know that it is safe.

Currently our Yahoo group is set to accept attachments, but, not certain how widespread this problem is right now, but I am disabling that feature until further word from . If you want to post a file or a photo, you can still upload these to the files or photos section.

- Helen

Guest guest
Posted March 17, 2008

SORR - EE. Yes, I've offended too against the safety convention and sent a photo as an attachment yesterday. Just a harmless item to amuse everyone.

Mea culpa, I do make a consistent effort to cut out any extraneous material from any replies that I send in, and to retitle any posting appropriately.

Ron.

Subject: WARNING - attachments

Hi All

Currently our Yahoo group is set to accept attachments, but, not certain how widespread this problem is right now, but I am disabling that feature until further word from . If you want to post a file or a photo, you can still upload these to the files or photos section.

- Helen

Guest guest
Posted March 18, 2008

WD Loughman wrote:
> Helen Foisy wrote:
>> Thanks Tim, that makes sense. Ok Greg you are exonerated. <smile!>
>> - Helen
>>
>> At 07:25 PM 3/17/2008, Tim wrote:
>>
>>> With so many of you using HTML it takes little to break the thing and
>>> that might explain it. No messages have attachments like that apart from
>>> a few with Yahoo gif logo stuff. (Greg is posting those, looks, from ibm
>>> using Lotus Notes Release 8.0)
<snip>
>
> I just gotta say something here. [ Comment please, Tim? Or anyone. ]
>
> This may be a new *kind* of malware, I believe.
> It's not gotten a lot of attention because not so many people have
> seen it. So those folk whose job it is to notice, ...haven't. At least
> I've not read any reports, nor speculation.
>
> As far back as early 2007, I've gotten a few of what I *think* you're
> describing. None yet from ASPIRES; but from a few other organizations
> and individuals. One even came through a USENET group in late 2007.
>
> What I see is a tiny graphic, as small as 1-pixel but sometimes a very
> thin, very short horizontal blue line. The messages are HTML, always
> short, vapid and having nothing to do with the Subject line.

Exactly what those are. (the Chinese etc. spam advertisements are usually just images, workaround for spam blocking, no text to spot as spam, very typically company share fraud playing on worthless stocks, bump and dump, and yes there are idiots who fall for it! Last I heard of was an old boy who sunk £40,000, his life savings, his son was hopping mad)

What you see will depend on your email client and perhaps also the mode you are using.

I've just turned on full HTML rendering on one of Greg's messages. His are fine in plain text as I normally use, with HTML the expected visual nonsense appears, perfectly competent, just that I don't like it. The attachments remain attachments even if I say display inline in the message.

However... my client is showing a security warning, the old nut of remotely hosted images. What is in the email is a link to images residing on a remote internet server. This is good practice from the point of view of minimising email size but is a severe security flaw. If I tell the client, okay, I trust the sender, it will go and get the remote images, displaying them. In this case the maliciousness is clear, the size of the remote image is smaller than the code in the message to get it.

The problems are twofold:

1. Spammers love these. When spammers use these almost always the image has a special filename on the server which tells the spammer, hey man, you just found a real human. Have more spam on that email address. A notorious flaw in Outlook up to version 2003 was the impossibility of blocking these images. Just view a message... the spammer has you.

2. There are historically loads of security exploits of graphic files, gif, jpg, png. Load one on a system with that particular hole, you are about to get infected from remote. (or a crash or whatever)

Advice about never open attachments or visit links, yeah... and it happens automatically.

Let's see what Greg has remote... Not a lot. I've attached the attachments from Greg's message, Part x these are gif Yahoo group logo and the blank 1x1 pixel.

Here below is the sinister stuff, edited so it won't work and will show in text.

Sinister? Oh yes, this is Yahoo tracking you, calls home to Yahoo when you view the message. Note the group ID: grpId=12457805, message ID: msgId=3172 etc.

Just block the bastards. Email is plain text or you are asking for bad things. Same thing just accepting a web browser as supplied. Why do you think Yahoo, MSN, Google and so on are falling over themselves to track you? Stop them and the web is near unusable.

[!-- |**|begin egp html banner|**| --]
[img srz="hztp://geo.yahoo.com/serv?s=97476590/grpId=12457805/grpspId=1705132763/msgI\
d=3172/stime=1205759960" width="1" height="1"]
[br]
[!-- |**|end egp html banner|**| --]

Claiming 1x1 pixel is a banner is fraudulent.

So what is that Yahoo server? Have a look (safe) http://geo.yahoo.com/

Why geo? Most likely because it also geolocates you, sees the image requesting address, ie. you, and looks it up.

Side effects? Of course... what happens if someone forwards the email to someone else and they view it? Bit by bit builds a picture.

All about getting money, more they know the more you are worth to advertisers. Evil? Yes. Legal? No, but would wriggle like hell if challenged. Would claim not personally identifiable, bullshit.

I've helped play social engineering. We used some ploys to get people to visit a web site we controlled. One of these... the people had to turn on a facility then went and told us all about it, and hey they just gave us the key to their address book. There was no ill intent, just a proof of concept. (I could get the info by other means)

All we did is say, if you want an easy to use copy of your contact list, turn on the obfuscated public version, go to this web site and it will translate it for you. So they did, in droves. Not realising the server might just keep a copy.

Shades of my infamous photo virgina.jpg, in full flush or however I worded it. Which was jumped on by blokes assuming virgina was a person. As intended this went straight to the top of the download chart.
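
The remote-image behaviour described in the post above, as an added example that is not part of the original thread: a Python sketch that lists the images an HTML e-mail would fetch from a remote server, flags 1x1 ones as likely tracking beacons, and pulls out the identifiers carried in the URL. The host `tracker.example`, the ID values and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def is_tiny(img):
    """True when both declared dimensions are 0 or 1 pixel."""
    dims = [img.get("width", "").strip(), img.get("height", "").strip()]
    return all(d in ("0", "1") for d in dims)

def find_remote_images(raw_message):
    """Return one finding per image the mail client would fetch remotely."""
    msg = message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True)
        html = payload.decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgCollector()
        collector.feed(html)
        for img in collector.images:
            url = urlsplit(img.get("src", "").strip())
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images travel inside the message
            # Identifiers may be separated by "&" or, as in the post, by "/"
            ids = dict(re.findall(r"([A-Za-z]\w*)=([^/&]+)", url.path + "?" + url.query))
            findings.append({"host": url.hostname, "beacon": is_tiny(img), "ids": ids})
    return findings

# Constructed sample: same shape as the banner quoted in the post,
# with a placeholder host and made-up identifiers.
SAMPLE = """\
From: list@example.org
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<img src="http://tracker.example/serv?s=111/grpId=222/msgId=333/stime=1200000000" width="1" height="1">
<img src="cid:logo@example.org" width="120" height="40">
"""
```

Calling `find_remote_images(SAMPLE)` reports the `tracker.example` image as a beacon with its group and message identifiers, and ignores the `cid:` image because it is carried inside the message itself.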

Guest guest
Posted March 18, 2008

> So what is that Yahoo server? Have a look (safe) http://geo.yahoo.com/
>
> Why geo? Most likely because it also geolocates you, sees the image
> requesting address, ie. you, and looks it up.

Geocities is part of Yahoo. Check out www.geocities.com, they'd like to host your website. Thus "geo" in much of Yahoo's URLs.

Regards,
Anita