[Fwd: SPAM - sinister spam]

Hara Ra (harara@shamanics.com)
Fri, 12 Dec 1997 23:06:59 -0800


This is a multi-part message in MIME format.
--------------4B8576C1454DE5CFFE526DE2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Fringeware sent me this item - any of you Java experts care to comment??

O----------------------------------O
| Hara Ra <harara@shamanics.com> |
| Box 8334 Santa Cruz, CA 95061 |
O----------------------------------O
--------------4B8576C1454DE5CFFE526DE2
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from fringeware.com (FringeWare.COM [207.170.80.10])
by scruz.net (8.8.5/1.34) with ESMTP id SAA19235; Fri, 12 Dec 1997 18:22:22 -0800 (PST)
Received: (from info@localhost)
by fringeware.com (8.8.7/8.8.7) id OAA18524
for fw-daily; Fri, 12 Dec 1997 14:00:14 -0600 (CST)
Keywords: formatic purplementations preparingewarez partise param desktop
Precedence: list
List-Server: info@fringeware.com
Errors-To: owner-email@fringeware.com
Message-Id: <971212fw.7557@fringeware.com>
Cc: Chip Rowe <chip@interaccess.com>
Subject: SPAM - sinister spam
Date: Thu, 11 Dec 1997 09:42:52
From: FringeWare News Network <email@fringeware.com>
X-Www-Page: http://www.fringeware.com/msg/sub.html
Reply-To: chip@interaccess.com, email@fringeware.com

Sent from: Chip Rowe <chip@interaccess.com>

Excerpted from:

Risks-Forum Digest Tuesday 9 December 1997 Volume 19 : Issue 49
- -----------------------------------------------------------------

Date: 28 Nov 1997 03:21:42 GMT
From: "braz" <braz@mnw.net>
Subject: Beware of HTML Mail

I received a spam mail today that was rather sinister. Many spams that I
receive request that you click on the hyperlink to go to their site. This
one, however, was much different. I am running IE4.0, and I simply
highlighted the new message in my mailbox, and clicked on the subject to
read it. It immediately downloaded and initialized a java applet that
took control of my browser, opened a session to their site as I sat in
amazement. I then quickly (out of fear) stopped the connection to that
site, went back to the mail message and viewed the source to see what was
in it. Here is the first few lines of the mail - I numbered the lines so
they won't be interpreted as HTML/E-mail here:

1. <html>
2. <head>
3. <title>webtour</title>
4. </head>
5. <body>
6. <applet
7. code=sitewalk.class
8. codebase=http://www.netinstrument.com/applet
9. name=sitewalk
10. width=2
11. height=2 >
12. <param name="page1" value="jpg, , 300, 200, 4000, ,
start-http://www.netinstrument.com/email2.htm, -, -, -, -, -, -, -, -, -, ">
(line 12 repeated for various links at their site)

I never really cared much about the spam I received, because it was really
non-intrusive for the most part. This, however, was scary. It took control
of my IE4 Browser, and forced me to their site. Who knows what the sites
web pages do if you let it run its course.

Net users, beware. The risks of simply receiving spam have just
skyrocketed. Turn off auto-preview mode, and look at the *source* of the
message prior to opening the mail item. I never cared about this before,
but I really feel violated in some weird electronic sense.

Tom Brazil <braz@mnw.net>
------------------------------

--------------4B8576C1454DE5CFFE526DE2--