
Sample spam analyses

9 February 2006: These examples have been updated and corrected here and there.

While I have a complete step-by-step guide to analyzing and tracing spam mails elsewhere on this site, it doesn’t hurt to see some real-life examples. So, on this page, I’ve linked a few that I’ve done in some detail.

These examples are hand-picked to show various special tricks and techniques employed by the spammer, in addition to the basic procedures for deconstructing and tracing the messages.

I’ve classified these examples as “basic” (involving mainly tricks using basic SMTP and HTML) and “advanced” (full of more ambitious or unusual exploits).

I’ll add more of these to the site as I receive interesting or illustrative examples.


1 (basic): Forged header, base64 encoded HTML body, basic embedded IMG and MAILTO links.
2 (basic): Forged header, HTML body, beacon URL.
3 (basic): Forged header, fiddling with HTML anchor tag to disguise link.
4 (basic): Forged header, obfuscated HTML body.
5 (advanced): Encrypted message body (for propeller-heads only!).
6 (basic): Forged header, suspicious HTML anchors.
7 (advanced): Forged header, unrelated web links, encrypted body, multiple redirection, and browser “hijacking.”
8 (basic): Stylesheet link used as beacon.
9 (advanced): Complex DNS cache-stuffing; Microsoft HTA exploit.
10 (basic): Disguising website URL with TinyURL.
11 (advanced): Dictionary-attack probe message.



(c) 2003-2006, Richard C. Conner


Updated: Thu, 22 Jun 2006