Deliberate false signatures in spam?
Neil Williams
linux@codehelp.co.uk
Mon Jul 21 21:50:03 2003
Just received a spam message with this contained within:
Pretending to be from: "Kate Shaver" <kr245gxuqp@canada.com>
(The usual Viagra/whatever spam).
-----BEGIN PGP SIGNATURE-----
version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs
wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu
xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd
cjdi57fh43ks9cm78h4t
-----END PGP SIGNATURE-----
I get lots of:
gpg: invalid radix64 character 3c skipped
errors.
(Hopefully the inclusion of the content won't invalidate my own signature!
Let me know!)
Is this a deliberate attempt by spammers to pretend to have a signature -
perhaps in an attempt to bypass spam filters that look for sigs? The filter
can't verify whether the signature is valid so I suppose it wouldn't matter
what junk is put in. It's surrounded by a font tag set to color=white to
presumably mask it from the HTML reader but KMail ignores the tags unless
specifically set to show HTML.
Incidentally, KMail doesn't show this as a GnuPG/PGP signed message (nor
should it, IMHO), I only saw the pretend content when reviewing the effects
of my spam filters.
-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://slashdot.org/~codehelp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/HERniAEJSii8s+MRAoNKAJ0W2oW37Xy6UEspoFvL0oadc0d2YACgrE3i
YM9cpDnARoBybLeIzpGncXw=
=S76T
-----END PGP SIGNATURE-----
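
A filter without the sender's key can still test whether an armored block is structurally an OpenPGP signature: radix-64 decoding, the optional CRC24 line, and the packet tag of the first octet. The sketch below is an added example, not part of the original post; `check_armor` and `crc24` are names chosen here, and `SPAM_BLOCK` is the block from the post copied as it appears in this archive.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP SIGNATURE-----\r?\n(.*?)\r?\n"
                   r"-----END PGP SIGNATURE-----", re.S)

def crc24(data: bytes) -> int:  # OpenPGP armor checksum (RFC 4880, 6.1)
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def check_armor(text: str):
    """Return (plausible, reason) for the first armored signature in text."""
    m = ARMOR.search(text)
    if not m:
        return False, "no armor block"
    # Armor headers ("Version: ...") contain ": "; radix-64 data never does.
    body = [l.strip() for l in m.group(1).splitlines()
            if l.strip() and ": " not in l]
    crc_line = body.pop() if body and re.fullmatch(r"=.{4}", body[-1]) else None
    try:
        raw = base64.b64decode("".join(body), validate=True)
        want = base64.b64decode(crc_line[1:], validate=True) if crc_line else None
    except ValueError:  # binascii.Error: bad character or bad padding
        return False, "body is not valid radix-64"
    if want is not None and int.from_bytes(want, "big") != crc24(raw):
        return False, "CRC24 mismatch"
    if not raw or not raw[0] & 0x80:
        return False, "first octet is not an OpenPGP packet header"
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    if tag != 2:
        return False, f"packet tag {tag} is not a signature packet"
    return True, "structurally plausible signature packet"

# The block quoted in the post, copied as it appears in this archive.
SPAM_BLOCK = """-----BEGIN PGP SIGNATURE-----
version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs
wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu
xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd
cjdi57fh43ks9cm78h4t
-----END PGP SIGNATURE-----"""

print(check_armor(SPAM_BLOCK))
```

A pass here only means the block parses as a signature packet; it says nothing about whether the signature verifies against any key.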