Referral Link: http://www.senserely.com/referral/7777778a

Hey all. Today I will write about a particularly nasty form of a spam e-mail message that I’ve stumbled upon a few times already. Because although I already know that links can be “faked” in e-mail clients (and on web-pages; in this case with the use of a simple HTML code, i.e. the value of a “href=” attribute) so that for instance an e-mail client shows the address “www.bad-site.com” instead of the real “www.good-site.com” one (btw. you can always see the right one in the “Status Bar”), I’ve just recently seen this form of a trick for the very first time.

You see, an this case there is not only the URL that’s “faked” (in other words, the URL pointing to a bad website/IP), but this “fake URL” points to a somehow hidden “message.scr” file that is burried deep down in the e-mail message itself (just speculating though), and is therefore residing on a user’s hard-disk drive.

For a better imagination, please see the screenshot of such e-mail message by clicking this link: http://img265.imageshack.us/my.php?image=thunderbirdspamemai… (it’s a file hosted on one of the ImageShack file-hosting servers)

Therefore I am curious: have you too ever before stumbled upon this particular type/form of a spam e-mail message??!

P.S. - I’ve already opened a thread on CastleCops forum regarding it that I’ve entitled “A particularly nasty form of spam e-mail message”: http://www.castlecops.com/postitle186310-0-0-.html, while also I already blogged about it on my slovenian Sopca blog in a “blog-entry” titled “Zelo nevarna oblika spam e-mail sporočil”: http://tadej.sopca.com/2007/05/03/zelo-nevarna-oblika-spam-e….

Best regards, Ivan Tadej (user: “tayiper”)

/edited: 11.10.2007 (fixed an error in referral link)

Referral Link: http://www.senserely.com/referral/7777778a