The other day I received a piece of spam that surprised me. First, because I was simply shocked that I got a piece of spam. I haven’t received a single piece of spam at that address in years! This led to my second observation: the spam was sent to one person and carbon copied to three others, all at the same domain name. Now that’s tricky! Here lots of spammers are trying to use PDFs or images to get their spam through, and this person just made it look like a typical business email.
The method I used here was to take input off of STDIN, find all occurrences of \x??, convert each to the corresponding ASCII value, and then finally parse that result for use of HTML encoding that uses hex in the form %??. Here’s the resulting program.
(** Note: In both examples above the question marks would be replaced with a hex digit, 0–9 or A–F)
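The two-round decoding described above, written as an added Python example; it is not the author's original program. The function names, the `<0xNN>` rendering of non-printable bytes, and the sample string are assumptions made for illustration.

```python
import re
import sys

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")  # JavaScript-style \x??
PCT_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")    # percent-style %??

def safe_char(match):
    """Turn one matched escape into its character, neutralising control bytes."""
    code = int(match.group(1), 16)
    if 0x20 <= code <= 0x7E or code in (0x09, 0x0A):
        return chr(code)
    # Hostile input may hide terminal escape sequences; show them, don't emit them.
    return "<0x%02X>" % code

def decode_hex_escapes(text):
    """Round 1: replace each \\x?? with its ASCII character (single pass)."""
    return HEX_ESCAPE.sub(safe_char, text)

def decode_percent_escapes(text):
    """Round 2: replace each %?? with its ASCII character (single pass)."""
    return PCT_ESCAPE.sub(safe_char, text)

def deobfuscate(text):
    """Both rounds, in the order the post describes. Nothing is ever executed."""
    return decode_percent_escapes(decode_hex_escapes(text))

def obfuscate(plain):
    """Build constructed test input: percent-encode, then \\x-encode the result."""
    pct = "".join("%%%02X" % ord(c) for c in plain)
    return "".join("\\x%02x" % ord(c) for c in pct)

# Constructed sample, not the payload from the spam in this post.
PLAIN = "http://example.invalid:8088/"
SAMPLE = 'document.write(unescape("' + obfuscate(PLAIN) + '"));'

if __name__ == "__main__":
    # Decode piped input; with no pipe, decode the constructed sample instead.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(deobfuscate(data) + "\n")
```

Each round is a single pass, so a value such as `%2541` decodes to `%41` and is not reinterpreted, and malformed escapes are left untouched for manual review.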
Here’s the output after both rounds of conversion through my script.
Thankfully, this tries to load a page off of non-standard port 8088 which is blocked by default in my general egress rule set. It’s blocked in yours too, right?
If we use a machine that does have access to the port we can view this site by providing a fake subdomain matching the pattern the script above would use. When I saw it I was actually fairly impressed. The design and layout were very well done, looked professional, and dare I say even better than some legit corporate web sites!
Now here’s what’s always baffled me about these sites… They are selling drugs, right? So why are people willing to pay large sums of money for drugs when they could get them from their doctor for a co-pay if they really needed them? Also, who says this dealer can be trusted?! They are an anonymous website that uses shady marketing tactics to get people to their site. What’s to say that the checkout isn’t just to collect credit card numbers and never send you a single pill? Even more dire, what’s to stop them from putting arsenic in every pill? It’s not like they are regulated by the FDA.
* shrugs * I may not understand why people go to these sites, but I can at least accept that someone must, otherwise there wouldn’t be so much effort put into getting the advertisement out.