Picture this: you are a spammer, and you send out
a million spams (junk emails) to a million different email addresses. Within
minutes you are logging the READING of those emails. Note that these are not people
who respond; you can actually log someone just previewing or reading the
email in Outlook or Outlook Express. And the best part: the poor user
has no idea this is happening to him; it is completely stealthy.
Each time you log this, you add these email addresses to your "A"
list because you know they are valid addresses and your crap is being viewed
by these people. THESE ARE VALUABLE ADDRESSES!!

The other day I was working and turned off my
firewall for just a minute. In that time I received an email and like an idiot
I previewed it before re-enabling my firewall. In that one second my
information (the time, my IP address, my email address, my operating system,
what browser I use, who my ISP is, and the fact that I got the email and read
it) was recorded by a spammer because Outlook Express is exploitable via email
webbugs. It pissed me off so much that I threw this little demo together to
show the world what is going on.

I've chased MS to fix this for a couple years now, but they just tell me
"it's not a security issue". Yet spammers have been using this
technique to verify that your email address is active and to log all this
information about you. So ok, now you can decide for yourself if this is a
What are webbugs?

The way it
works: you enter your email address in the box below and hit submit, and the
server sends you an exploit email. When you read that email, your email
program will silently make a connection to my server and I will log your
information. Once that happens you can view that logged information on the
Not to worry, I don't want your email addresses; I'm into privacy. :) (Actually, you can enter any email address if
you want to exploit your friends who use exploitable email programs.)

For those of you who read about this in the Inquirer, it's not just Outlook
that's vulnerable: Gecko on Linux, Netscape, AOL... there are a bunch of email programs
that are being exploited by the spammers. (My apologies to
MS for the initial reports making it sound like it was only Outlook Express; it's just
that I'm an Outlook Express user and that's the only one I'm concerned about.)
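
An added example, not part of the original page or the author's demo: a client-independent check in Python that parses a message and lists the remote references an HTML-rendering mail program would fetch on preview, which is the request that lets the sender log the read. The sample message, its hosts and addresses, and the name `find_webbugs` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Tag/attribute pairs that make an HTML-rendering mail client fetch a URL.
REMOTE_ATTRS = {("img", "src"), ("iframe", "src"), ("link", "href"),
                ("body", "background"), ("td", "background"), ("bgsound", "src")}

class _RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, is_tiny)
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for t, name in REMOTE_ATTRS:
            url = a.get(name, "")
            # cid: and data: references stay inside the message; only http(s) phones home.
            if tag == t and urlsplit(url).scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.refs.append((tag, url, tiny))

def find_webbugs(raw_message, recipient):
    """List remote references in the HTML parts of one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = _RemoteRefs()
        parser.feed(part.get_content())
        for tag, url, tiny in parser.refs:
            # A per-recipient URL is what ties the fetch to one address.
            tagged = recipient.lower() in unquote(url).lower()
            findings.append({"tag": tag, "host": urlsplit(url).hostname,
                             "tiny": tiny, "carries_recipient": tagged})
    return findings

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = """\
From: sender@example.com
To: alice@example.org
Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi!</p><img src="cid:logo123">
<img src="http://tracker.example.net/open.gif?u=alice%40example.org" width="1" height="1"></body></html>
"""
if __name__ == "__main__":
    print(find_webbugs(SAMPLE, "alice@example.org"))
```

Any remote reference gives away the reader's IP address, mail program and time of reading when it is fetched, even if the URL carries an opaque token instead of the address itself. Turning off remote content loading in the mail program stops the fetch in every case.
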
Ok, ready to see if you are vulnerable to email webbugs?
Email to test:
No thanks, I don't want to expose my email address but I want to see the next