? Need help interpreting this suspicious HTML code

A

Alec S.

Hi,

I saw an HTML post today on a newsgroup I frequent that looked
suspicious. I checked the message and found what looked to be rather
dubious HTML code. I can't quite figure out what it does because I cannot
find any information about what the equal sign and hex number parts, or the
email address are for/do.

This is the formatted HTML body of the message:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE id=3DridTitle>=BF=D5=B0=D7</TITLE>
<BASE=20 href=3D"file://C:\Program Files\Common Files\Microsoft =
Shared\Stationery\">
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dgb2312">
<STYLE>
BODY {
MARGIN-TOP: 25px; FONT-SIZE: 10pt; MARGIN-LEFT: 25px; COLOR: #000000; =
FONT-FAMILY: =CB=CE=CC=E5, =BA=DA=CC=E5
}
P.msoNormal {
MARGIN-TOP: 0px; FONT-SIZE: 10pt; MARGIN-LEFT: 0px; COLOR: #ffffcc; =
FONT-FAMILY: =BA=DA=CC=E5, "=CB=CE=CC=E5"
}
LI.msoNormal {
MARGIN-TOP: 0px; FONT-SIZE: 10pt; MARGIN-LEFT: 0px; COLOR: #ffffcc; =
FONT-FAMILY: =BA=DA=CC=E5, "=CB=CE=CC=E5"
}
</STYLE>

<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR>
</HEAD>
<BODY id=3DridBody bgColor=3D#ffffff=20
background=3Dcid:[email protected]>
<DIV>hi,</DIV>
<DIV>&nbsp;&nbsp;&nbsp; i want to make friends with you~~~~~~~~~</DIV>
<DIV>&nbsp;</DIV>
<P>&nbsp;</P>
</BODY>
</HTML>


Any ideas?
 
D

Dave Brown

Looks like its got MS Bloat code in there. I dont think it can do
anything dangerous, it just looks like its a webpage from word or some
similar MS product with links to local based styles.
 
E

Els

Dave said:
Looks like its got MS Bloat code in there. I dont think it
can do anything dangerous, it just looks like its a webpage
from word or some similar MS product with links to local
based styles.

Doesn't the path C:\Program Files\Common Files\Microsoft
Shared\Stationary\ ring a bell then?

Looks like an MS OE html message that was formatted using MS
Word and of which the source code has been sent using Quoted
Printable format (or what's that called?) and then pasted into
a Usenet posting.
 
A

Alec S.

What about what looks like an email address in the body background. I
guessed that when you render the page you end up sending a message to that
address with the default email account and in this way, this person can
harvest addresses from newsgroups simply by having people look at the page.

And what's with the equal signs and hex numbers? I can't find any
reference to them in HTML.
 
E

Els

Alec said:
What about what looks like an email address in the body
background.

That's a cid reference, which I don't know anything about
other than that they are used to get an image into an html
email.
I guessed that when you render the page
you end up sending a message to that address with the
default email account and in this way, this person can
harvest addresses from newsgroups simply by having people
look at the page.

I don't think adding an emailaddress to a body element would
send an email anywhere.
And what's with the equal signs and hex numbers? I
can't find any reference to them in HTML.

Some of those equal signs are done by Outlook Express when you
send a message in the wrong format. I think that would be the
Quoted Printable format or something like that.

The ones in for example font-family:... I don't know. The
whole message seems seriously f-d up. But maybe it isn't.
 
A

Alec S.

You can understand that when someone posts a message to a large
newsgroup with the subject ":)" and body "i want to be your friend", it
sounds an awful lot like a virus. I've replaced all hex codes with their
UNICODE characters and it makes even less sense. Plus, there's a style for
list items when there are none. Maybe this was a test or something.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,832
Latest member
GlennSmall

Latest Threads

Top