When looking at a SPAM message, we also need to look at the body of the message and at some of the things often done to entice, throw off, or fool the recipient into responding. Let’s look at the biggies:
Hidden URLs
Some spammers will make use of various forms of encoding to hide URLs or fool users into clicking on URLs they would not otherwise click on. Many will use IP addresses rather than domain names, thereby hiding the nature of the target site from the user until they actually visit it. However, one can use the “nslookup” tool on their computer to get the domain itself in many cases (more on this later). Sometimes they will encode the IP address in escaped characters, meaning each character is replaced by its ASCII or HTML special character code. Other spammers will use the little-used user ID field of the URL to fool people. For example, sending a browser to “http://www.notspam.com@10.10.10.10/” is, to a browser, the same as going to 10.10.10.10 with a username of “www.notspam.com”. The site will usually ignore the user field, so there you are, staring at 10.10.10.10. Most users, though, would believe they are going to www.notspam.com.
Relatedly, some spammers will make use of other IP ports. Typically internet traffic comes in on port 80, which is used for HTTP transactions. But if a spammer tries to link you to “www.notspam.com:2000”, then they are routing you to port 2000 rather than 80. If the spammer has some kind of control placed on port 2000 on that server, then you just got “had”.
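The checks described in the two paragraphs above can be automated when triaging links pulled from a message. The following is an added example, not code from the original article: the function names are hypothetical, and it goes one step beyond the text by also treating a bare integer host as an IP address, which browsers accept.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"http": 80, "https": 443}

def _as_ip(host):
    """Return an ip_address for an IP-literal host, else None."""
    try:
        # Beyond the article: a bare integer host is also read as an IPv4 address.
        return ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None

def audit_url(url):
    """Return (real_host, findings) for one link taken from a message body."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    host = unquote(raw_host)  # undo %xx escapes used to hide the host
    findings = []
    if host != raw_host:
        findings.append("percent-encoded host")
    if parts.username is not None:
        # Everything before '@' is a login name, not the destination.
        findings.append(f"userinfo decoy: {unquote(parts.username)}")
    ip = _as_ip(host)
    if ip is not None:
        host = str(ip)
        findings.append("IP address instead of domain name")
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("malformed port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        findings.append(f"non-default port {port}")
    return host, findings

if __name__ == "__main__":
    # Constructed sample links, using the article's example names.
    for link in ("http://www.notspam.com@10.10.10.10/",
                 "http://%31%30%2e%31%30%2e%31%30%2e%31%30/",
                 "http://www.notspam.com:2000/",
                 "http://www.notspam.com/"):
        print(link, "->", audit_url(link))
```

The first element of each result is the host the browser will actually contact, which is the value to compare against what the message claims.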
Two other very common URL tricks are redirectors and deceptive HTML links. There are URL addresses out there whose only purpose is to redirect to another web address. Spammers can give the click-through URL a legitimate-looking name, but clicking on it would route you somewhere else. Lastly, since much SPAM is in HTML format, they can have a link in the email which is hyperlinked in the traditional blue, underlined text, but actually clicking on the link takes you somewhere else entirely. The way to protect yourself against this is to “View Source” on the message by right-clicking and choosing “View Source”. Look for the HTML

Please