Spam Obfuscation

Get rid of it and block the website.

It was spam...email

You should have a block sender option somewhere in your email program.

That's not the point. The question is this: Does anyone on the "Software and Programming" blog know how to decipher the obfuscation of the information I have posted or have any idea which would point me to the programming language used which begins the page string with a letter followed by a question mark? As seen in my first post, the string begins with "k?".

I don't need information on how to secure my computer. It was secure. Nothing happened. I looked at the hidden information from the header of the email message, which was blank except for a link. Within the header and the link was the previously mentioned obfuscated information.

The offending web site is known for this type of malicious activity, and so is the ISP. I am just curious as to their methodology.

U1RGUQ==

Sorry, I misunderstood. I don't have a clue about deciphering code.

This is not a reply really but a similar problem. What do you do with these sites that evidently keep changing their email address. Blocking in OE doesn't do much good. I would really like to stop the foreign email which is obviously a scam reference to money.

This is kind of thread hijacking, but try this:

Determine if the messages all have something in common, such as your name in the subject or somewhere in the body in a format that you would not normally see, for example: john.smith. Most of your friends and colleagues would not spell your name that way, but it is a popular method for bypassing spam filters. You would set up OE to delete all messages with the phrase or pattern in the subject, from, body, etc. You could also do the same with your ISP's spam filter in most cases. Contact your ISP's admin, as I am sure they would appreciate the ability to limit spam bandwidth on their system, if they can find the time.

Determine if the emails are coming from the same block of IP addresses. You can block that using more sophisticated spam blockers, or modify your firewall to filter emails based on header content.

The easiest method is the first, as spammers usually use a common method to bypass your filters. Once you determine a pattern, you can set up OE to block that.

The k? is saying to the server: "Load the page 'k' and give it the parameter(s) that follow the '?'". It is a standard way to post parameters to a web application. As an example, look at almost any URL in the address bar for this forum and you will see this structure. E.g., this post has the form of

newcomment?objectid=66769&objecttype=THREAD

meaning that the file 'comment' on the cr4.globalspec.com server will be loaded and handed the parameters

objectid with a value of 66769

objecttype with a value of THREAD

In your example, the typical name=value stuff has been encrypted in some way so that their content is not easily "sniffed" as it flows across the 'net.

And, no, I cannot help decrypting it.

Regards,

Bill Lee

Thanks...that's great info. There were four strings of the same length, so I assume they are automatically generated by a trojan dropper or some similar malware. Those random named executables make it difficult to track.