(中文文字来源于“中国数字部落(DIGIBLOG_ORG) - 无关紧要的消息”:http://digiblog.org/)
(p.s.:Spammer's Compendium用实例列举了垃圾邮件制造者绝大多数的伎俩,不得不感叹spammer们的智慧。)
WIRED:虽然垃圾邮件让所有的人都烦恼,也让Internet的速度降低了60%,但是殊不知垃圾邮件事实上也蕴涵了很多高科技的成分,尤其是在现在这场发垃圾和反垃圾的高科技战斗之中。
除了黑名单之外,目前最被看好的反垃圾方式应该就是Bayesian规则了。通过识别原来的垃圾邮件的内容,自动判别下一封Email属于垃圾邮件的可能性。这几乎就是人工智能和真人智能的比赛,因为能够发出垃圾邮件的人也并非等闲之辈他们往往都自己亲自安装一些最好的反垃圾邮件设备,比如Inboxer和POPFile,不断地调整自己的发送技巧以尽可能地躲过被过虑掉的结果。
一位软件工程师制作了一份“垃圾邮件者纲要(Spammer's Compendium)”,不断更新地列举了垃圾邮件中采用的最奇妙和下流的办法,比如使用各种非可见的HTML代码等(如果你是一位业余垃圾邮件发送者,看一下应该会有不少收获的)。不过最让人感到好玩的还要算是使用了最新的一个研究课题-人类阅读的机制(也就是著名的Can You Raed Tihs)。所以有些垃圾邮件的内容里几乎没有一个拼写正确的单词,但是你却可以没有什么障碍的阅读,比如这个。这些技巧对于Bayesian来说也是一个不小的挑战,当然如果他们漏网了,你确实可以惊叹一下发送者的巧妙用心。
这场战斗是一定要持续下去的,这些只是垃圾邮件们在超速进化中的一些故事而已。
The Spammers' CompendiumBeing a public exposition of tricks,
secret ploys, ruses and techniques
employed by those that send many
scurrilous messages through the ether
using the mysteries of electronics and
other modern marvels to dazzle the eye,
lighten the wallet and clog the recipient.
BackgroundI gave a talk entitled The Spammers' Compendium at the MIT Spam Conference and decided to keep it updated in a non-Powerpoint form. Hence this page was born.
I last updated it on September 15, 2003
Each entry consists of five items:
What: Simple description of the entry
Popularity: How common the trick is: common, sometimes, rare
Complexity: How complex the trick is: simple, clever, dastardly
Date added: When this entry was made
Example from the wild: Actual example from email seen in the wild
The Tricks
The Big PictureWhat: The entire email consists of a small HTML page consisting of an image enclosed in a single hyperlink.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild: <html>
<img src="http://www.your-info-station.com/Sla/chalkboard.gif">
<div><a href="http://www.your-info-station.com/Sla/eb.php?x=52c">
<img src="http://www.your-info-station.com/Sla/pitch.gif">
</a></html>
April 29, 2003: Scott Schram points out that some instances of this are being sent with valid but unrelated text before and after the image.
Invisible InkWhat: Use of white text on a white background containing words designed to confuse a filter.
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild: <font color="white" size="-1">search words: suspensory obscure
aristocratical meningorachidian unafeared brahmachari</font>
The Daily NewsWhat: Insert a piece of current news in a bogus HTML tag.
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild: <Despite statements last week from chief U.N. inspector Hans Blix that
full cooperation was expected from Iraq, Iraqi Foreign Minister Naji
Sabri lashed out at the United Nations in a 19-page letter to Secretary-
General Kofi Annan written in Arabic. In it, Sabri repeated previous
claims that Iraq has no weapons of mass destruction and that the inspections
are just a false pretense for the United States and Britain to attack his
country. Sabri assailed U.N. Security Council resolution 1441, adopted
November 8, that called for Iraq to give immediate, unfettered access
to weapons inspectors. Iraq "is being subjected to terrorism for more than
30 years from international and regional powers," he wrote. "And Iraq's under
a daily aggression represented in the terrorism of the U.S. and Britain through
the imposition of the no-fly zones." Iraq has shot at U.S. and British aircraft
repeatedly in the no-fly zones since they were established after the Persian
Gulf War, and coalition aircraft have fired on Iraqi bases in response. In
the most recent action, coalition aircraft struck a mobile radar system
Saturday in the southern no-fly zone, according to the U.S. Central Command.
The Iraqi News Agency said the aircraft fired on civilian and service
facilities. After Iraq fired on U.S. and British planes last week, U.S.
officials said the attacks constituted a "material breach" of Resolution 1441,
which could trigger a meeting of the U.N. Security Council at which the
United States could call for military action against Iraq>
Hypertextus InterruptusWhat: Split words using HTML comments, pairs of zero width tags, or bogus tags
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Examples from the wild: milli<!-- xe64 -->onaire
Fi</n>nd N</n>ew </n>Fri</n>end</n>s
Vi<b></b>agra
F<XYZ>r<XXYA>ee
September 15, 2003: Another example comes from Tim Peters, this uses a Microsoft-only HTML tag <comment> to insert ignored text into the word Viagra: Via<comment>6q5r7</comment>gra
Slice and DiceWhat: Use a table to send words through as individual letters arranged top to bottom but read left to right
Popularity: Rare
Complexity: Dastardly
Date added: January 17, 2003
Example from the wild: (picture) <table cellpadding=0 cellspacing=0 border=0><tr>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td>
<font face="Courier New, Courier, mono" size=2>
<br>U<br> <br>O<br>a<br> <br>D<br>u<br>a
<br> <br>N<br> <br>B<br>d<br> <br>N<br>
<br>C<br> <br>C<br>w<br> <br>1<br> <br>
<br> <br>1<br> <br>C<br>S<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font
face="Courier New, Courier, mono" size=2>
<br> N <br> <br>bta
<br>nd <br> <br>ipl<br>niv<br>nd <br>
<br>o r<br> <br>ach<br>ipl
<br> <br>o o<br> <br>onf<br>
<br>ALL<br>ith<br> <br> -
<br> <br> <br> <br>
- <br> <br>all<br>und<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font
face="Courier New, Courier, mono" size=2>
<br>I V<br> <br>in <br>the
<br> <br>oma<br>ers<br>lif<br> <br>equ
<br> <br>elo<br>oma<br> <br>ne <br>
<br>ide<br> <br> NO<br>in <br>
<br>3 1<br> <br>
<br> <br>2 1<br> <br> 24<br>ays
<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font face="Courier
New, Courier, mono" size=2>
<br> E<br> <br>a <br> a<br>
<br>s <br>it<br>e <br> <br>ir<br> <br>rs<br>s
<br> <br>is<br> <br>nt<br> <br>W
<br>da<br> <br> 2<br> <br> <br>
<br> 2<br> <br> h<br> a<br></font></td></tr></table></td>
MIME is MoneyWhat: Send two part MIME document, text/plain part contains bogus text, text/html part contains the spam message
Popularity: Rare
Complexity: Very clever
Date added: January 17, 2003
Example from the wild: ------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/plain;
The modes of letting vacant farms, the duty of supplying buildings and permanent
improvements, and the form in which rent is to be received, have all been carefully
discussed in the older financial treatises. Most of these questions belong to
practical administration, and are, moreover, not of great interest in modern times.
Certain plain rules, may, however, be stated. The claims of successors to the late
tenant should not be overlooked; it is better for the tenure to be continued without
break, and therefore the question of new letting ought rarely to
occur.
------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/html;
<p><b><font face=Arial>Now is the perfect time to get a mortgage,
and we have a simple and free way for you to get started.</font></b></td>
September 15, 2003: This trick seems to be getting more common.
L O S T i n S P A C EWhat: Insert spaces between letters to make words unrecognizable.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Examples from the wild: M O R T G A G E
F*R*E*E V扞扐扜扲扐 O*N*L*I*N*E
EnigmaWhat: Use URL encoding to hide URLs
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example: http://7763631671/obscure.htm
http://0xCeBF9e37/obscure.htm
http://0316.0277.0236.067/obscure.htm
http://3468664375@3468664375/o%62s%63ur%65%2e%68t%6D
Script WriterWhat: Keep HTML body of email in a Javascript that fires when the email is opened
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild: <HTML><HEAD><SCRIPT LANGUAGE="Javascript"><!-- var Words="%3CHTML%3E%0D%0A%3CHEAD%3E%0D
%0A%3CTITLE%3E%3C/TITLE%3E%0D%0A%3CMETA%20HTTP-EQUIV%3D%22Content-Type%22%20CONTENT
%3D%22text/html%3B%20charset%3DBig5%22%3E%0D%0A%3CMETA%20HTTP-EQUIV%3D%22Expires%22
%20CONTENT%3D%22Sat%2C%201%20Jan%202000%2000%3A00%3A00%20GMT%22%3E%0D%0A%3CMETA%20
HTTP-EQUIV%3D%22Pragma%22%20CONTENT%3D%22no-cache%22%3E%0D%0A%3C/HEAD%3E%0D%0A%3C
FRAMESET%20ROWS%3D%22100%25%2C0%22%20FRAMEBORDER%3DNO%20BORDER%3D%220%22%20
FRAMESPACING%3D0%3E%0D%0A%3CFRAME%20SRC%3D%22
http%3A//203.204.53.231/a1_K_2/e12w_k2/a_w_a_0__2k-1_second%22%20NAME%3D%22A
MENU%22%20SCROLLING%3DAUTO%20MARGINHEIGHT%3D0%20MARGINWIDTH%3D0%3E%0D%0A%3C
FRAME%20SRC%3D%22%22%20SCROLLING%3DNO%20noresize%3E%0D%0A%3C/FRAMESET%3E%0D%0A
%3CNOFRAMES%3E%0D%0A%3C/NOFRAMES%3E%0D%0A%3C/HTML%3E%0D%0A?function
SetNewWords() { var NewWords; NewWords = unescape(Words); document.write(NewWords);
} SetNewWords(); // --> </SCRIPT> </HEAD> <BODY> </BODY> </HTML>
Ze Foreign AccentWhat: Replace letters with numbers or use nonsense accents
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild: V1DE0 T4PE M0RTG4GE
F醤t醩t扃 -- e醨n m鮪閥 thr魎gh un珲lle鐃ed judgments
Speaking in TonguesWhat: Large nonsense words designed to mess up CRC based spam identification
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild: crecrephaswukutugucrovazichonuprixisluwephimajoq
The Black HoleWhat: Use of font size 0 to break up words with zero width spaces
Popularity: Rare
Complexity: Clever
Date added: April 1, 2003
Example from the wild: V<font size=0> </font>i<font size=0> </font>a<font size=0>
</font>g<font size=0> </font>r<font size=0> </font>a
A Numbers GameWhat: Use HTML entities instead of letters
Popularity: Rare
Complexity: Simple
Date added: April 1, 2003
Example from the wild: Watch Dogs slurp you
ng girls puss
Bogus LoginWhat: Use URL username@host syntax to disguise a URL.
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild: (this example also use % encoding of the URL to further disguise it) <a href="http://1011100110010010100101010101010101010010110010100110011000101010
10010101010010101001010010101010100110011010101010010101001010011001010101010101
01011011010011100110@%68%6B%2E%67%65%6F%63%69%74%69%65%73%2E%63%6F%6D/%6C%6F%76%
65%67%69%6C%6C%67%69%6C%6C"><font color="#FFFFFF">Click Here</font></a>
Honey, I shrunk the fontWhat: Use very small (size 1) font to hide bogus text (see also The Black Hole)
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild: (Notice how the spammer didn't follow the instructions and managed to leave the instructions in the spam :-) (This spam also uses Invisible Ink for these words) <p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
BIG LETTERS with length 1 to 22 TSUTHRXJKVUVBECP</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
small letters with length 1 to 16 uyswdgueoclrwlf</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
mixed symbols with length 1 to 27 7y14R484w1m7531X</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Your text 9, note,
maximum length of tag is 255 symbols</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF"></font></p>
No Whitespace No CryWhat: Since many languages separate words with spaces, and since many spam filters do the same this spammer decided that replacing spaces with something else was a good idea.
Popularity: Rare
Complexity: Dumb
Date added: May 15, 2003
Example from the wild: DidAyouFknowNyouMcanBgetVprescriptionVmedications prescribedTonlineTwith
NORPRIORRPRESCRIPTIONRREQUIRED!
WeZhaveztheXlargestLselectionLofNprescriptionsNavailableZonline!
LowestzPrices -- NextzDayxDelivery
Honorary TitleWhat: Another way of hiding text in an HTML email by placing it in the <title> which is unlikely to be displayed by the email client.
Popularity: Rare
Complexity: Simple
Date added: May 27, 2003
Example from the wild: <title>dinosaur reptile ghueej egrjerijg gerrg</title>
CamouflageWhat: Like Invisible Ink, but instead of using identical colors (e.g. white on white) use very similar colors.
Popularity: Rare
Complexity: Very clever
Date added: June 2, 2003
Example from the wild: (The colors 1133333, 123939, and 423939 are chosen to be very similar without being the same) <table bgcolor="#113333"><tr><td><font color="#123939">those rearing lands</font><br>
<table><tr><td><br><font color="yellow" size=5><b>Plasticine sex-cartoons.</b></font><br>
<font color="#423939">eel harness highest</font><br>
<font color="white" size=3>Absolutely new category of adu1t sites.
</td></tr></table>
<font color="#123939">nobody jets held<br>Northumbria- diamond sleep</font></td></tr></table>
And In The Right CornerWhat: Adding a legitimate but odd word at the far right of the subject line (typically preceded with lots of spaces and tabs). The word is design to poison a Bayesian filter and alter the spam's hash value.
Popularity: Rare
Complexity: Clever
Date added: June 18, 2003
Example from the wild: (Thanks for Gary Robinson for pointing this one out) Subject: FEATURED IN MAJOR MAGAZINES algorithmic
A Form of DesperationWhat: Hiding text by placing it in the name of a hidden form field
Popularity: Rare
Complexity: Clever
Date added: June 24, 2003
Example from the wild: Get The <font color="#FF0000"> LOWE<input type="hidden" name=gfrtde>ST PR<input
type="hidden" name=zawsxd>ICE </font> On Your N<input type="hidden" name=plkmju>ew Car
September 15, 2003: Another example came in from Darren J. Young that uses the value tag and fills it with a phrase from current events: <input type=hidden value="The Los Angeles Film Critics on Saturday picked 'About Schmidt,'
the drama starring Jack Nicholson, as the year's top movie, splitting the two major critics'
awards so far as the 2002 Hollywood movie awards season heads into a pivotal week
with more honors ahead.">
It's Mini Marquee!What: Using the <marquee> tag the spammer can hide text in a tiny unobtrusive square.
Popularity: Rare
Complexity: Fairly Clever
Date added: July 9, 2003
Example from the wild: <marquee bgcolor="white" height="8" width="8">Did you ever play that game
when you were a kid where the little plastic hippo tries to gobble up all
your marbles?</marquee>
You've been framedWhat: Using the <noframes> tag the spammer can hide text and break up words.
Popularity: Fairly Common
Complexity: Fairly Clever
Date added: September 15, 2003
Example from the wild: Ere<frame><noframes>ywl55</noframes></frame>ctions
Control FreakWhat: Use of non-printing characters, especially in the Subject and especially NUL to mess up filters that use 0 terminated strings.
Popularity: Rare
Complexity: Clever
Date added: September 15, 2003
Don't Cramp My StyleWhat: Enclose text within <style> tags to hide it from user but confuse filters.
Popularity: Very Rare
Complexity: Fairly Clever
Date added: September 15, 2003
Example from the wild: <style>RANDOM</style>
Common EncodingsMany spam emails use quoted printable and base64 encoding on top of the tricks outlined on the right. Any spam filter needs to be able to understand both of these and MIME nested encoding (e.g. base64 on top of quoted printable). A quoted printable example from the wild (used the Black Hole trick): V<font size=3D0> </font>i<font size=3D0> </font>a<fo=
nt size=3D0> </font>g<font size=3D0> </font>r<font size=3D0>&nbs=
p;</font>a
A base64 example from the wild (note that this used very long base64 lines that do not meet the standard): ------=_NextPart_000_60BF_00005753.000048CC
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: base64
PEhUTUw+PEJPRFkgQkdDT0xPUj0iIzAwMDAwMCI+PC9QPjxQIEFMSUdOPUNFTlRFUj48Rk9OVCAgQ09MT1I
9IiNmZjAwMDAiIEJBQ0s9IiMwMDAwMDAiIHN0eWxlPSJCQUNLR1JPVU5ELUNPTE9SOiAjMDAwMDAwIiBTSV
pFPTYgUFRTSVpFPTI0PlRoZSBob3R0ZXN0IEdpcmxzIE9ubGluZSE8QlI+DQpTdG9wIHdhc3RpbmcgeW91c
iB0aW1lIHdpdGggNSBzZWM8QlI+DQp2aWRlbyBjbGlwcyEgQ29tZSB0byBvdXIgc2l0ZSBmb3I8QlI+DQpG
cmVlIEZ1bGwgTGVuZ3RoIE1vdmllcyE8QlI+DQo8QSBIUkVGPSJodHRwOi8vd2NhbWF0ZXVycy5jb20vbC9
ibCI+V2h5IHdhaXQsIHNlZSBmb3IgRnJlZTwvQT48L0ZPTlQ+PEZPTlQgIENPTE9SPSIjZmYwMDAwIiBCQU
NLPSIjMDAwMDAwIiBzdHlsZT0iQkFDS0dST1VORC1DT0xPUjogIzAwMDAwMCIgU0laRT02IFBUU0laRT0yN
CBGQU1JTFk9IlNBTlNTRVJJRiIgRkFDRT0iQXJpYWwiIExBTkc9IjAiPjxCUj4NCjwvUD48UCBBTElHTj1M
RUZUPjwvRk9OVD48Rk9OVCAgQ09MT1I9IiNmZjAwMDAiIEJBQ0s9IiMwMDAwMDAiIHN0eWxlPSJCQUNLR1J
PVU5ELUNPTE9SOiAjMDAwMDAwIiBTSVpFPTMgUFRTSVpFPTExIEZBTUlMWT0iU0FOU1NFUklGIiBGQUNFPS
JBcmlhbCIgTEFORz0iMCI+PEJSPg0KPC9GT05UPjxGT05UICBDT0xPUj0iIzAwMDBmZiIgQkFDSz0iIzAwM
DAwMCIgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6ICMwMDAwMDAiIFNJWkU9NiBQVFNJWkU9MjQgR!
kFNSUxZPSJTQU5TU0VSSUYiIEZBQ0U9IkFyaWFsIiBMQU5HPSIwIj48QSBIUkVGPSJodHRwOi8vd2NhbWF
0ZXVycy5jb20vbC9yIj5ObyBtb3JlIG1haWwgaGVyZTwvQT48L0ZPTlQ+PC9IVE1MPg0K
------=_NextPart_000_60BF_00005753.000048CC--
A Complex ExampleThis is an example of a real email that uses multiple techniques to disguise its contents: PGh0bWw+DQo8YSBocmVmPSJodHRwOi8vJTc3JTc3dy5wJTYxJTczJTczNCU2
NiU3MmUlNjUlMkVuZXQvcGIzLyIgVDhJPjxGT05UIFNJWkU9NT48Qj4mIzg3
OyYjOTc7PCFLND50PCE0YTQ1PmMmIzEwNDs8IVBKMHV1PiAmIzY4OzwhT1Ux
MGRRPm88IWgzMj5nPCFOWDc4PnM8IUY0NzZ0PiAmIzExNTsmIzEwODs8IXkw
eDY+dSYjMTE0OzwhV1ZRPnAmIzMyOzwhMW0+eTwhS1NrUD5vPCFvMzVBZT51
JiMxMTA7JiMxMDM7PCE0N2ViVTM+ICYjMTAzOyYjMTA1OyYjMTE0OyYjMTA4
OyYjMTE1OyYjMzI7PCF5MjU+cCYjMTE3OzwhOFljPnMmIzExNTsmIzEyMTs8
ITVSaTQ+JzwhcEdTNj5zJiMzMjsmIzk3OzwhQWgxPnMmIzMyOyYjMTE2OyYj
MTA0OzwhMXJKM1JIPmU8IW84V1h1PnkmIzMyOzwhMzU+czwhMFE3ND5jJiMx
MTQ7PCFSZnA+ZTwhUGw+YTwhSzQ+bTwhNGE0NT4gJiMxMDI7PCFQSjB1dT5v
JiMxMTQ7PCFPVTEwZFE+IDwhaDMyPm08IU5YNzg+bzwhRjQ3NnQ+ciYjMTAx
OyYjMzM7PC9mb250PjwvYT48QlI+DQo8QlIgck0wc1JhUHE+PGEgaHJlZj0i
aHR0cDovL3d3dyUyRSU3MCU2MSU3MyU3MyUzNGZyZWUlMkUlNkUlNjV0L3Bi
My8iIDFySjNSSEJvOFcgdW5TVlQ3PjxGT05UIFNJWkU9ND48Qj48IXkweDY+
QyYjMTA4OzwhV1ZRPmkmIzk5OzwhMW0+azwhS1NrUD4gPCFvMzVBZT5IJiMx
MDE7JiMxMTQ7PCE0N2ViVTM+ZTwvZm9udD48L2E+PEJSPjxCUj48QlI+PEJS
PjxCUj48QlI+PEJSPiYjMTM7JiMxMDsmIzY5OyYjMTA5OyYjOTc7JiMxMDU7
PCF5MjU+bCYjMzI7PCE4WWM+QiYjOTc7JiMxMDA7PCE1Umk0Pj88QlIgUlIg
Mk1PZHZjTT4NCm5vIG1vcmUgPGEgaHJlZj0iaHR0cDovL3JlbW92ZSUyRSU2
RGUlNzMlNzNhJTY3JTY1bSU2NW4lNkYlNzcuJTZFZXQvIiBSZnBOUD5DbGlj
ayBIZXJlPC9hPjxCUj4NCjxCUj48L2h0bWw+DQoNCmFQcTgyTU9kICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBjTUo=
Removing the base64 encoding reveals the following odd looking HTML. <html> <a href="http://%77%77w.p%61%73%734%66%72e%65%2Enet/pb3/"
T8I><FONT SIZE=5><B>Wa<!K4>t
<!4a45>ch<!PJ0uu> D<!OU10dQ>o
<!h32>g<!NX78>s<!F476t> sl<
!y0x6>ur<!WVQ>p <!1m>y<!KSkP>
o<!o35Ae>ung<!47ebU3>
girls <!y25
>pu<!8Yc>ssy<!5Ri4>'<
!pGS6>s a<!Ah1>s t
h<!1rJ3RH>e<!o8WXu>y <!35
>s<!0Q74>cr<!Rfp>e<!Pl>a<!K4
>m<!4a45> f<!PJ0uu>or<!OU10dQ
> <!h32>m<!NX78>o<!F476t>re!
</font></a><BR> <BR rM0sRaPq><a
href="http://www%2E%70%61%73%73%34free%2E%6E%65t/pb3/"
1rJ3RHBo8W unSVT7><FONT SIZE=4><B><!y0x6
>Cl<!WVQ>ic<!1m>k<!KSkP
> <!o35Ae>Her<!47ebU3>e
</font></a><BR><BR><BR><BR><BR>
<BR><BR> Emai
<!y25>l <!8Yc>Bad<!5Ri4>?
<BR RR 2MOdvcM> no more <a
href="http://remove%2E%6De%73%73a%67%65m%65n%6F%77.%6Eet/" RfpNP
>Click Here</a><BR> <BR></html>
aPq82MOd cMJ
The email uses bad HTML tags to split words (Hypertextus Interruptus), URL encoding to hide the URLs used (Enigma), HTML entities to hide letters (A Numbers Game) and spaces (Lost in Space). Removing the bad HTML used to split words (Hypertextus Interruptus) reveals: <html> <a href="http://%77%77w.p%61%73%734%66%72e%65%2Enet/pb3/"
T8I><FONT SIZE=5><B>Watch
Dogs slurp youn
g girls p
ussy's as t
hey scream for more
!</font></a><BR> <BR rM0sRaPq><a
href="http://www%2E%70%61%73%73%34free%2E%6E%65t/pb3/" 1rJ3RHBo8W
unSVT7><FONT SIZE=4><B>Cl ic k H
er e</font></a><BR><BR>
<BR><BR><BR><BR><BR>
Emai l  Bad?
<BR RR 2MOdvcM> no more <a
href="http://remove%2E%6De%73%73a%67%65m%65n%6F%77.%6Eet/" RfpNP
>Click Here</a><BR> <BR></html>
aPq82MOd cMJ
Removing the URL encoding (Enigma) reveals: <html>
<a href="http://www.pass4free.net/pb3/"><FONT SIZE=5>
<B>Watch Dogs slurp you
ng girls puss
y's as they scream fo
r more!</font></a><BR> <BR><a
href="http://www.pass4free.net/pb3/"><FONT SIZE=4><B>Cl
ic k Her e</font></a><BR><BR><BR><BR><BR><BR><BR>
Emai l  Bad?<BR>
no more <a href="http://remove.messagemenow.net/">Click Here
</a><BR> <BR></html>
aPq82MOd cMJ
Then removing the HTML entities (A Numbers Game) reveals the true message: <html> <a href="http://www.pass4free.net/pb3/"><FONT SIZE=5><B>
Watch dogs slurp young girls pussy抯 as they scream for more!</font></a>
<BR> <BR><a href="http://www.pass4free.net/pb3/"><FONT SIZE=4><B>Cl i c k Her e</font>
</a><BR><BR><BR><BR><BR><BR><BR> Email Bad?<BR> no more
<a href="http://remove.messagemenow.net/">Click Here</a>
<BR> <BR></html> aPq82MOd cMJ
webmaster@jgc.org, Copyright (c) 1999-2003 John Graham-Cumming
