Posted: 02 Apr 2006, 06:39
Little precision :
Now, for the rest :
As LaBlueGirl suggests : the most comon trick is to send the dirty thing hidden in a file of the image-type by email but it won't work that easilly.
Triggering the 'target' to a site with malicious files hidden within x-www-applications like Flash components, GIFs, *.xpm, ActiveX and even neat JavasCript , well, that is done way more easilly.
Because people are mostly click-addicts : in the bottom of your email you put "to not receive this mesage anymore, click: here" or "if you received this message by error: click here" where the word "here" is not a email address but a link to the site. In order to do that properly, well you will need some 'URL-obfuscating' techniques (like spammers do) and 'trigger' your target firend/ennemy,ex-girl/boifriend/whatever to it.
p.ex : all what precedes the @-sign can be filled with whatever you want :
http://unsubscribe_NOW_IMMIDIATELY@example.com works as good as just
as http://mailto:info@example.com or just http://www.example.com .
By this means, obfuscating URLs, you can go and obfuscate entire full URI's like
http://ftp.example.com/BadGuy/crackpot.exe into a single string of numbers or a DWORD, which is even more disastrously efficient (like the spammers, phishers and scammers do).
Be sure, if you insist, one of your targets will click on one of the malicious links and you'll have your moment of ahum ...`bliss'..
Ok, happy now ? because i posted enough info to got me at least two years in jail here.
--FrankB
n00b B of n00b C preceding n00b A.
Not de facto. Steganography is used to hide a file into another file, with our without encryption.CircuitB0mB wrote:hmm im not sure f Steganography could change this, i dont think it would because it would then be encrypted hence you would need to un-encrypt it
Now, for the rest :
As LaBlueGirl suggests : the most comon trick is to send the dirty thing hidden in a file of the image-type by email but it won't work that easilly.
Triggering the 'target' to a site with malicious files hidden within x-www-applications like Flash components, GIFs, *.xpm, ActiveX and even neat JavasCript , well, that is done way more easilly.
Because people are mostly click-addicts : in the bottom of your email you put "to not receive this mesage anymore, click: here" or "if you received this message by error: click here" where the word "here" is not a email address but a link to the site. In order to do that properly, well you will need some 'URL-obfuscating' techniques (like spammers do) and 'trigger' your target firend/ennemy,ex-girl/boifriend/whatever to it.
p.ex : all what precedes the @-sign can be filled with whatever you want :
http://unsubscribe_NOW_IMMIDIATELY@example.com works as good as just
as http://mailto:info@example.com or just http://www.example.com .
By this means, obfuscating URLs, you can go and obfuscate entire full URI's like
http://ftp.example.com/BadGuy/crackpot.exe into a single string of numbers or a DWORD, which is even more disastrously efficient (like the spammers, phishers and scammers do).
Be sure, if you insist, one of your targets will click on one of the malicious links and you'll have your moment of ahum ...`bliss'..
Ok, happy now ? because i posted enough info to got me at least two years in jail here.
--FrankB
n00b B of n00b C preceding n00b A.
That would be cool indeed, an "Un-disclaimer" 
, wel.. sort off.