Interpreted email?
-
Check mail — oh, a new message with subject “Update Your Account 21/07/2015 10:10:31” … I wonder who’s trying to con me now …
Scripting? Do they think anybody still uses an ancient version of Outlook or something? Hang on a sec, that’s not Javascript — it looks like …
[code]To: gurth@gurths_isp.nl
<?php $testa = $_POST['veio']; if($testa != "") {
Subject: Update Your Account 21/07/2015 10:10:31
Date: Tue, 21 Jul 2015 10:10:31 -0600[/code]
Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a PHP interpreter … ?
-
Maybe they sent the mailer script instead of the email it was supposed to send?
Edit: found it
It looks like the spambot infected itself.
-
Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a PHP interpreter … ?
Paging @Arantor...he's got to see this!
-
Let me get this straight: somebody sending phishing emails expects the recipient to use a mailer with a PHP interpreter … ?
Yeah, that's just silly!
/me makes a mental note to check if it would work with lisp in his mail client (gnus for emacs).
-
Emacs had some Lisp injection vulnerabilities already. I remember a vulnerability in the built-in spreadsheet (not sure if it can be triggered if you attach a spreadsheet to an email or set the content-type of the email to the one of the spreadsheet), and one using File Local Variables (which hopefully does not work in Gnus). Probably there are more, and probably there are a few unpatched ones left.
.dir-local.el also comes to mind (but probably not possible to exploit via email).
-
SVG is now native in emacs so you can embed lisp code into an SVG and get it interactive. I'm just waiting for the first exploit of that...
-
Alright, everybody start mailing SVGs with embedded lisp to Mikael.
-
I knew you would see the opportunities!
More serious use that I am also expecting RSN is someone building a graphical user interface inside emacs using SVG.
-
It looks like the spambot infected itself.
That's actually pretty funny, if it is what happened. "Oh, I wonder what this email titled "I.LOVE.YOU" is about"
-
More serious use that I am also expecting RSN is someone building a graphical user interface inside emacs using SVG.
That would take a peculiar mix of self-loathing and Lisp skills you're not likely to find in the same person.
-
Yet there is evil-mode.
-
Yep, that’s similar to the script that was in the email I got, though mine appears to be a modified version. In case anyone cares:
[code]<?php
// Runs only when the form field 'veio' is non-empty.
$testa = $_POST['veio'];
if($testa != "") {
    $message = $_POST['html'];
    $subject = $_POST['assunto'];
    $nome = $_POST['nome'];
    $de = $_POST['de'];
    $to = $_POST['emails'];
    // Recipient list: one address per line.
    $email = explode("\n", $to);
    $message = stripslashes($message);
    $i = 0;
    $count = 1;
    while($email[$i]) {
        $dataHora = date("d/m/Y h:i:s");
        $EmailTemporario = $email[$i];
        $message = stripslashes($message);
        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        // From: display name from the form, address set to the recipient's own.
        $headers .= "From: ".$nome." <".$EmailTemporario.">\r\n";
        // The send time is appended to both the subject and the body.
        if(mail($EmailTemporario, $subject." ".$dataHora, $message.$dataHora, $headers))
            echo "<font color=blue>* Número: $count ".$email[$i]." <font color=black>VEM INFOOOOO....!</font>
";
        else
            echo "<font color=red>* Número: $count ".$email[$i]." <font color=red>EROO NAO ENVIO</font>
";
        $i++;
        $count++;
    }
    $count--;
    if($ok == "ok")
        echo "[Fim do Envio]";
}
?>[/code]
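A mail-filter check for the two artifacts visible in this thread: unexecuted script source in a delivered message, and the `d/m/Y h:i:s` timestamp the script above appends to every subject. This is an added example, not part of the original posts; the function name `analyze`, the finding labels and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Server-side script source that should never appear in a delivered message.
SCRIPT_MARKERS = re.compile(r"<\?php|<\?=|\$_(?:POST|GET|REQUEST|SERVER)\s*\[")
# The posted script appends date("d/m/Y h:i:s") to every subject line.
SUBJECT_STAMP = re.compile(r" \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\s*$")

def analyze(raw):
    """Return finding labels (hypothetical names) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if SUBJECT_STAMP.search(str(msg.get("Subject", ""))):
        findings.append("subject-timestamp")
    for name, value in msg.items():
        if SCRIPT_MARKERS.search(str(value)):
            findings.append("script-in-header:" + name)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        # latin-1 never fails to decode and keeps the ASCII markers intact.
        if SCRIPT_MARKERS.search(payload.decode("latin-1")):
            findings.append("script-in-body")
            break
    return findings

# Constructed samples; the subject and date mirror the message quoted in the thread.
SAMPLE_LEAKED = (
    "To: user@example.test\n"
    "Subject: Update Your Account 21/07/2015 10:10:31\n"
    "Date: Tue, 21 Jul 2015 10:10:31 -0600\n"
    "\n"
    "<?php $testa = $_POST['veio']; if($testa != \"\") {\n"
)
SAMPLE_CLEAN = (
    "To: user@example.test\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    for label, raw in (("leaked", SAMPLE_LEAKED), ("clean", SAMPLE_CLEAN)):
        print(label, analyze(raw))
```

The subject pattern alone also matches legitimate mail that happens to end in a timestamp, so it is better used as a scoring signal alongside the script-marker findings than as a verdict.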
-
Wow. And this is why you should stay away from PHP.
-
No, ten bucks says they used PHP to send the spam and fucked up somehow so some PHP tags got in the email when they were supposed to be executed instead.
-
Pretty much.
-
That would take a peculiar mix of self-loathing and Lisp skills you're not likely to find in the same person.
You called?