« Bogus Microsoft Lotto with .doc Attachment | Main | Phish Are Jumpin' and the Rotten is High »
Home | The Book | Training | Events | Tools | Stats |
August 20, 2009
Web Beacons Live OnI thought web beacons — images in an HTML-formatted email message whose src attributes include a URL coded with the recipient's email address — were ancient history. The purpose of such a beacon, especially if it is embedded so that the recipient doesn't even know it's there, is to verify that the email address is not only active, but that the message got through and the user actively opened the message. IOW, the address is alive.
When I see from my own server's stats how many thousands of messages daily are either misaddressed or are probing for life (the "Dictionary Attacks" category), perhaps some spammers finally want to clean up their lists to help improve deliverability. I mean, after awhile, the lists get so screwed up that truly valid addresses must become a minuscule portion of the list. Even with botnets and such, the cost-effectiveness of incessantly mailing to less than 1% good addresses has to erode. Are spammers feeling the pinch of these economic times? Well, one can dream.
In any case, here is the HTML source code of a sample (Subject: welcome) I saw today:
<html>
<head>
<title>Beautiful woman</title>
</head>
<body>
[removed]An!!!<br>
<IMG SRC="http://counter.[removed].net:8888/AD.png?eid=[removed]@dannyg.com&pid=gao" HEIGHT="0" WEIGHT="0" BORDER="0">
</body>
</html>
Short and sweet. A tad of gibberish with the email address account name in visible text. Then a zero-sized image that pings a Chinese server along with the email address. Anyone receiving this message in a browser or email client whose settings allow display of images will have his or her address thrown into the valuable pool of valid email addresses.
I was thrilled when Apple added an email preference choice to eliminate loading remote images in the latest iPhone OS 3.0 upgrade. I suspect most smartphone users don't think about the consequences of unfettered HTML-rendered email. If they received the message above, they'd open it, shrug their shoulders at the gibberish, and delete the message. In the meantime, their addresses will have been added to the "live suckers" list. Hope your smartphone has a full battery charge, because the spam's a-comin'.
Posted on August 20, 2009 at 11:23 AM