Results 1 to 3 of 3

Thread: Strange HTML code

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,528

    Strange HTML code

    Shown below as HTML code is part of an extortion email that gets sent to my Hotmail account every once in a while.
    Code:
    <p style=3D"font-size: 12px; font-fam=
    ily: Arial, sans-serif;">G<span class=3D"mso-ljvopyz"></span>r<span class=
    =3D"mso-ysjwunk"></span>e<span class=3D"mso-jsmansp"></span>e<span class=3D=
    "mso-biwfucf"></span>t<span class=3D"mso-cflrgiw"></span>i<span class=3D"ms=
    o-dgwzdgg"></span>n<span class=3D"mso-caqrivu"></span>g<span class=3D"mso-z=
    okjixk"></span>s<span class=3D"mso-tmeezpn"></span>!<span class=3D"mso-lukp=
    ghp"></span></p>=0A=
    If you look closely you will find a single character in front of each <span> tag that together spell out "Greetings!". Why would someone go to all this effort? Is it simply an effort to hide the message content? If it was, it did not work, as the message was quarantined anyway.

    J.A. Coutts

  2. #2
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,987

    Re: Strange HTML code

    My guess is to evade email filters. Basically, by obfuscating the HTML and using character encoding it can sometimes cause the filters not to work.
    Last edited by dday9; Dec 1st, 2023 at 10:31 AM.
    "Code is like humor. When you have to explain it, it is bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,528

    Re: Strange HTML code

    Quote Originally Posted by dday9 View Post
    My guess is to evade email filters. Basically, by obfuscating the HTML and using character encoding it can somethings cause the filters not to work.
    I kinda have to agree. There seems to be a surge in scam emails lately, the majority of which originate from Outlook 365 or Gmail. Messages from these sources are hard to trace, because neither publishes the originating IP address. The latest one was in German and made it through. It traced back to AmazonAWS via the Domain name "stromzentrum.com", which Outlook said was permitted to use.

    J.A. Coutts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width