This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

Thursday, July 17, 2008

Weirdest Spam Ever

I have an email account that has gotten so bad with spam I rarely check it. I was scanning through it today and saw a spam with the subject 'Hidden IFrame'. I rarely click on spam, but I clicked through and saw the following in the email:

PCEtLQ0KICAgQ29weXJpZ2h0IChjKSAyMDA1LCBCcmFkIE5ldWJlcmcsIGJrbjNAY29sdW1i
aWEuZWR1DQogICBodHRwOi8vY29kaW5naW5wYXJhZGlzZS5vcmcNCg0KICAgUGVybWlzc2lv
biBpcyBoZXJlYnkgZ3JhbnRlZCwgZnJlZSBvZiBjaGFyZ2UsIHRvIGFueSBwZXJzb24gb2J0
YWluaW5nDQogICBhIGNvcHkgb2YgdGhpcyBzb2Z0d2FyZSBhbmQgYXNzb2NpYXRlZCBkb2N1
bWVudGF0aW9uIGZpbGVzICh0aGUgIlNvZnR3YXJlIiksDQogICB0byBkZWFsIGluIHRoZSBT
b2Z0d2FyZSB3aXRob3V0IHJlc3RyaWN0aW9uLCBpbmNsdWRpbmcgd2l0aG91dCBsaW1pdGF0
aW9uDQogICB0aGUgcmlnaHRzIHRvIHVzZSwgY29weSwgbW9kaWZ5LCBtZXJnZSwgcHVibGlz
aCwgZGlzdHJpYnV0ZSwgc3VibGljZW5zZSwNCiAgIGFuZC9vciBzZWxsIGNvcGllcyBvZiB0
aGUgU29mdHdhcmUsIGFuZCB0byBwZXJtaXQgcGVyc29ucyB0byB3aG9tIHRoZQ0KICAgU29m
dHdhcmUgaXMgZnVybmlzaGVkIHRvIGRvIHNvLCBzdWJqZWN0IHRvIHRoZSBmb2xsb3dpbmcg
Y29uZGl0aW9uczoNCg0KICAgVGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRoaXMg
cGVybWlzc2lvbiBub3RpY2Ugc2hhbGwgYmUNCiAgIGluY2x1ZGVkIGluIGFsbCBjb3BpZXMg
b3Igc3Vic3RhbnRpYWwgcG9ydGlvbnMgb2YgdGhlIFNvZnR3YXJlLg0KDQogICBUSEUgU09G
VFdBUkUgSVMgUFJPVklERUQgIkFTIElTIiwgV0lUSE9VVCBXQVJSQU5UWSBPRiBBTlkgS0lO
RCwNCiAgIEVYUFJFU1MgT1IgSU1QTElFRCwgSU5DTFVESU5HIEJVVCBOT1QgTElNSVRFRCBU
TyBUSEUgV0FSUkFOVElFUw0KICAgT0YgTUVSQ0hBTlRBQklMSVRZLCBGSVRORVNTIEZPUiBB
IFBBUlRJQ1VMQVIgUFVSUE9TRSBBTkQgTk9OSU5GUklOR0VNRU5ULg0KICAgSU4gTk8gRVZF
TlQgU0hBTEwgVEhFIEFVVEhPUlMgT1IgQ09QWVJJR0hUIEhPTERFUlMgQkUgTElBQkxFIEZP
UiBBTlkNCiAgIENMQUlNLCBEQU1BR0VTIE9SIE9USEVSIExJQUJJTElUWSwgV0hFVEhFUiBJ
TiBBTiBBQ1RJT04gT0YgQ09OVFJBQ1QsIFRPUlQNCiAgIE9SIE9USEVSV0lTRSwgQVJJU0lO
RyBGUk9NLCBPVVQgT0YgT1IgSU4gQ09OTkVDVElPTiBXSVRIIFRIRSBTT0ZUV0FSRSBPUg0K
ICAgVEhFIFVTRSBPUiBPVEhFUiBERUFMSU5HUyBJTiBUSEUgU09GVFdBUkUuDQotLT4NCjwh
RE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vVzNDLy9EVEQgSFRNTCA0LjAxIFRyYW5zaXRpb25h
bC8vRU4iPg0KPGh0bWw+DQoJPGhlYWQ+DQoJCTx0aXRsZT5Bc2suY29tIC0gTG9jYWwgU2Vh
cmNoPC90aXRsZT4NCgkgICA8c2NyaXB0IGxhbmd1YWdlPSJKYXZhU2NyaXB0Ij4NCgkJCQlm
dW5jdGlvbiBwYWdlTG9hZGVkKCkgew0KCQkJCSAgIHdpbmRvdy5wYXJlbnQuZGh0bWxIaXN0
b3J5LmlmcmFtZUxvYWRlZCh3aW5kb3cubG9jYXRpb24pOw0KCQkJCX0NCgkgICA8L3Njcmlw
dD4NCgk8L2hlYWQ+DQogICA8Ym9keSBvbmxvYWQ9InBhZ2VMb2FkZWQoKSI+DQogICAgICA8
aDE+YmxhbmsuaHRtbCAtIE5lZWRlZCBmb3IgSW50ZXJuZXQgRXhwbG9yZXIncyBoaWRkZW4g
SUZyYW1lPC9oMT4NCiAgIDwvYm9keT4NCjwvaHRtbD4NCg==
Staring at it I realized that it was some base64 encoded data, so I jumped to a web-based base64 decoder and decoded it. What it turned out to be blew me away. Here is the data above in this random spam email base64 decoded:

<!--
Copyright (c) 2005, Brad Neuberg, ***@******* (email removed)
http://codinginparadise.org

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Ask.com - Local Search</title>
<script language="JavaScript">
function pageLoaded() {
window.parent.dhtmlHistory.iframeLoaded(window.location);
}
</script>
</head>
<body onload="pageLoaded()">
<h1>blank.html - Needed for Internet Explorer's hidden IFrame</h1>
</body>
</html>
Okay, that's really weird on alot of levels! First, that's one of the files from the Really Simple History project, which is an open source project I started -- that's just strange that its base64 encoded in a spam message to me! Second, it says Ask.com in there -- is Ask.com using Really Simple History?

Update: Looking through the Ask.com source I see that they are using Really Simply History! Cool!

Labels:


Comments: Post a Comment

Subscribe to Post Comments [Atom]



Links to this post:

Create a Link



<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]