Deliberate false signatures in spam?

Neil Williams linux@codehelp.co.uk
Mon Jul 21 21:50:03 2003



Just received a spam message with this contained within:

Pretending to be from:  "Kate Shaver" <kr245gxuqp@canada.com>
(The usual Viagra/whatever spam).

-----BEGIN PGP SIGNATURE-----
version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs
wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu
xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd
cjdi57fh43ks9cm78h4t
-----END PGP SIGNATURE-----

I get lots of:
gpg: invalid radix64 character 3c skipped
errors.

(Hopefully the inclusion of the content won't invalidate my own signature!
Let me know!)

Is this a deliberate attempt by spammers to pretend to have a signature -
perhaps in an attempt to bypass spam filters that look for sigs? The filter
can't verify whether the signature is valid so I suppose it wouldn't matter
what junk is put in. It's surrounded by a font tag set to color=white to
presumably mask it from the HTML reader but KMail ignores the tags unless
specifically set to show HTML.

Incidentally, KMail doesn't show this as a GnuPG/PGP signed message (nor
should it, IMHO); I only saw the pretend content when reviewing the effects
of my spam filters.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://slashdot.org/~codehelp


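A filter cannot verify a signature without the sender's key, but it can check whether a block is even shaped like one. The following is an added example, not part of the original message: a structural check of an armored signature block (radix-64 validity, the optional CRC-24 line, and the first packet's tag). The function names and both sample blocks are constructed for this example.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PGP SIGNATURE-----", "-----END PGP SIGNATURE-----"

def crc24(data: bytes) -> int:
    """CRC-24 of the decoded body, as defined for OpenPGP ASCII armor (RFC 4880)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_problems(block: str) -> list[str]:
    """List structural faults in an armored signature block; [] means 'go verify it'."""
    lines = [ln.strip() for ln in block.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        return ["armor framing (BEGIN/END lines, blank separator) is incomplete"]
    body = lines[lines.index("") + 1:-1]
    # The "=XXXX" checksum line is optional; check it only when present.
    crc_line = body.pop() if body and len(body[-1]) == 5 and body[-1][0] == "=" else None
    try:  # Stricter than gpg, which skips stray characters and carries on.
        data = base64.b64decode("".join(body), validate=True)
        stated = base64.b64decode(crc_line[1:], validate=True) if crc_line else None
    except binascii.Error:
        return ["body is not valid radix-64"]
    problems = []
    if stated is not None and int.from_bytes(stated, "big") != crc24(data):
        problems.append("CRC-24 checksum mismatch")
    if not data or not data[0] & 0x80:
        problems.append("first octet is not an OpenPGP packet header")
    else:  # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
        tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
        if tag != 2:
            problems.append(f"first packet has tag {tag}, not 2 (signature)")
    return problems

def armor(data: bytes) -> str:
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", base64.b64encode(data).decode(), "=" + crc, END])

# Constructed samples: a signature-shaped packet (not a real signature) and filler text.
SHAPED = armor(b"\x88\x3f" + bytes(63))
FILLER = "\n".join([BEGIN, "version: example", "", "qk3jd8fh2ksl9dj3hf7s", "dk39", END])

if __name__ == "__main__":
    print(armor_problems(SHAPED), armor_problems(FILLER))
```

An empty result only means the block is well-formed; whether the signature is valid still has to be decided by gpg with the signer's public key.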