Do spammer tools leave hidden signatures?

Interestingly I got some spam today that had some interesting code. Both AppleWorks and MS Word seem to be used by the author. Included in this post are some excerpts from this email that I found interesting:

<!–This file created by AppleWorks HTML Filter 6.0–>
<html xmlns:v="urn:schemas-microsoft-com:vml"
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
</meta><meta name=ProgId content=Word.Document>
</meta><meta name=Generator content="Microsoft Word 9">
</meta><meta name=Originator content="Microsoft Word 9">
</meta><link rel=File-List href="./JUNE_files/filelist.xml">
</link><link rel=Edit-Time-Data href="./JUNE_files/editdata.mso"></link>
<!–[if gte mso 9]><xml>
<o :DocumentProperties>
 </o><o :Author>None</o>
 <o :Template>Normal</o>
 <o :LastAuthor>None</o>
 <o :Revision>2</o>
 <o :TotalTime>0</o>
 <o :Created>2006-01-31T03:51:00Z</o>
 <o :LastSaved>2006-01-31T03:51:00Z</o>
 <o :Pages>2</o>
 <o :Words>1003</o>
 <o :Characters>5722</o>
 <o :Lines>47</o>
 <o :Paragraphs>11</o>
 <o :CharactersWithSpaces>7027</o>
 <o :Version>9.3821</o>
</xml>< ![endif]–>

I’m now wondering a few things:

  • Did they really use AppleWorks?
  • Do any spammers that use MS Word leave a real name in there?

Might be fun to sift through your spam and see if you can spot a real spammer name, based on what MS Word can leave behind!

Tags: ,

Related Posts

Related Posts

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution.