Interpreted email?



  • Check mail — oh, a new message with subject “Update Your Account 21/07/2015 10:10:31” … I wonder who’s trying to con me now …

    Scripting? Do they think anybody still uses an ancient version of Outlook or something? Hang on a sec, that’s not Javascript — it looks like …

    [code]To: gurth@gurths_isp.nl
    Subject: Update Your Account 21/07/2015 10:10:31
    Date: Tue, 21 Jul 2015 10:10:31 -0600

    <?php $testa = $_POST['veio']; if($testa != "") { [/code] Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a <em>PHP interpreter … ?


  • Maybe they sent the mailer script instead of the email it was supposed to send?

    Edit: found it

    It looks like the spambot infected itself.



  • @Gurth said:

    Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a PHP interpreter … ?

    Paging @Arantor...he's got to see this!



  • @Gurth said:

    Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a PHP interpreter … ?

    Yeah, that's just silly!

    /me makes a mental note to check if it would work with lisp in his mail client (gnus for emacs).



  • Emacs had some Lisp injection vulnerabilities already. I remember a vulnerability in the built-in spreadsheet (not sure if it can be triggered if you attach a spreadsheet to an email or set the content-type of the email to the one of the spreadsheet), and one using File Local Variables (which hopefully does not work in Gnus). Probably there are more, and probably there are a few unpatched ones left. .dir-local.el also comes to mind (but probably not possible to exploit via email).



  • SVG is now native in emacs so you can embed lisp code into an SVG and get it interactive. I'm just waiting for the first exploit of that...



  • Alright, everybody start mailing SVGs with embedded lisp to Mikael.



  • I knew you would see the opportunities!

    More serious use that I am also expecting RSN is someone building a graphical user interface inside emacs using SVG.


  • Discourse touched me in a no-no place

    @ben_lubar said:

    It looks like the spambot infected itself.

    That's actually pretty funny, if it is what happened. "Oh, I wonder what this email titled "I.LOVE.YOU" is about"


  • Discourse touched me in a no-no place

    @Mikael_Svahnberg said:

    More serious use that I am also expecting RSN is someone building a graphical user interface inside emacs using SVG.

    That would take a peculiar mix of self-loathing and Lisp skills you're not likely to find in the same person.



  • Yet there is evil-mode.



  • Yep, that’s similar to the script that was in the email I got, though mine appears to be a modified version. In case anyone cares:

    [code]<?php
    $testa = $_POST['veio'];
    if($testa != "") {
    $message = $_POST['html'];
    $subject = $_POST['assunto'];
    $nome = $_POST['nome'];
    $de = $_POST['de'];
    $to = $_POST['emails'];

    $email = explode("n", $to);
    $message = stripslashes($message);

    $i = 0;
    $count = 1;
    while($email[$i]) {
    $dataHora = date("d/m/Y h:i:s");

    $EmailTemporario = $email[$i];
    $message = stripslashes($message);
    $headers = "MIME-Version: 1.0n";
    $headers .= "Content-type: text/html; charset=iso-8859-1n";
    $headers .= "From: ".$nome." <".$EmailTemporario.">rn";

    if(mail($EmailTemporario, $subject." ".$dataHora, $message.$dataHora, $headers))
    echo "<font color=blue>* Nъmero: $count ".$email[$i]." <font color=black>VEM INFOOOOO....!</font>


    ";
    else
    echo "<font color=red>* Nъmero: $count ".$email[$i]." <font color=red>EROO NAO ENVIO</font>

    ";
    $i++;
    $count++;
    }
    $count--;
    if($ok == "ok")
    echo "[Fim do Envio]";

    }

    ?>[/code]



  • Wow. And this is why you should stay away from PHP.



  • No, ten bucks says they used PHP to send the spam and fucked up somehow so some PHP tags got in the email when they were supposed to be executed instead.



  • Pretty much.



  • @FrostCat said:

    That would take a peculiar mix of self-loathing and Lisp skills you're not likely to find in the same person.

    You called?


Log in to reply