

Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

[Phish] Phishes containing encrypted HTML attachments

I've encountered two of these in the last two days. There was one apparently spoofing Regions Bank, and another doing so with PayPal. In each case, there was an HTML attachment with nothing but encrypted or obfuscated text (perhaps JavaScript). I usually will save these and edit them in Notepad, then submit the URLs to Google using the Report Web Forgery link in Firefox, but couldn't do anything with them. I also doubt they could be reported to Phishtracker or OpenDNS Phishtank service.

Seems both of these may have come from the same group of cybercriminals. They seemed more sophisticated than previous ones, and I wasn't about to open them in a browser as they could contain malware, so I simply deleted them, attachments and all. They were in my Yahoo spam folder.

Has anyone encountered phishes of this type lately, and maybe found a way to decode the obfuscated or encrypted code?
--
I, for one, welcome our new Computer Overlords.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

I've been getting these for several months on my dslr.net e-mail. Phishtracker won't read them. Haven't had time to mess with the code to make it readable yet.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

reply to Doctor Four
It is probably obfuscated JavaScript. Yes, those are annoying.

When I see them, I just load in the browser and see if the browser can make sense of them. If the browser finds a phish URL, I'll manually append that to the end of the mail so that phishtracker sees it.

NOTE: I do this on Linux from a low privilege account, so as to minimize the risk. I am not suggesting that others try. I advise against opening on a Windows system, particularly if you are logged in as an Administrator.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 8.0



newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1

reply to Doctor Four
Were these Base64 encoded spam messages?

If so, parsing them via Spamcop will decode them completely and provide you with reporting addresses, as well as offering to report them for you.



Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

said by newview:

Were these Base64 encoded spam messages?

I had saved both the HTML attachments to open them in Notepad to look for URLs; when I found only code, I did shift+delete on them. I might try a free file restoration tool I have and see if this is so with them.
--
I, for one, welcome our new Computer Overlords.
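
Added example, not part of any post in this thread: one way to pull reportable URLs out of such an attachment without opening it in a browser is to decode it statically, as text. The thread does not identify the obfuscation used, so this assumes the common layers (percent-encoding, `\x` escapes, `String.fromCharCode`, Base64); the function names and the sample attachment are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>\\)]+", re.I)
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
CHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")
HEXESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

def _charcodes(m):
    nums = (int(n) for n in re.findall(r"\d+", m.group(1)))
    return "".join(chr(n) for n in nums if n < 0x110000)

def _b64(m):
    s = m.group(0)
    try:
        text = base64.b64decode(s + "=" * (-len(s) % 4), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return s
    # Keep the decode only if it looks like text; otherwise leave the run alone.
    return text if all(c.isprintable() or c.isspace() for c in text) else s

def decode_once(text):
    """One static decoding pass; the script itself is never executed."""
    text = unquote(text)                                   # %68%74%74%70 -> http
    text = HEXESC_RE.sub(lambda m: chr(int(m.group(1), 16)), text)
    text = CHARCODE_RE.sub(_charcodes, text)
    return B64_RE.sub(_b64, text)

def extract_urls(raw, max_rounds=5):
    """Peel nested layers to a fixpoint, collecting URLs seen at every stage."""
    seen, text = [], raw
    for _ in range(max_rounds + 1):
        for url in URL_RE.findall(text):
            url = url.rstrip(";,.")
            if url not in seen:
                seen.append(url)
        nxt = decode_once(text)
        if nxt == text:
            break
        text = nxt
    return seen

def build_sample():
    """Constructed attachment body (not from the thread): Base64 around percent-encoding."""
    inner = quote('<form action="http://login.example.invalid/verify.php">', safe="")
    blob = base64.b64encode(f"document.write(unescape('{inner}'))".encode()).decode()
    codes = ",".join(str(ord(c)) for c in "http://img.example.invalid/logo.gif")
    return f"<html><script>eval(atob('{blob}'));var i=String.fromCharCode({codes});</script></html>"

if __name__ == "__main__":
    print(extract_urls(build_sample()))
```

Schemes that derive the payload from a key or from arithmetic at run time will not yield to this and return an empty list.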
