Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Creative Chinese spam hides inside resized HTML textarea tags

You’ll have to take our word for it – the text below comes from Chinese spam. The text asks recipients to view the attached Excel sheet and forward it on to any relevant staff.

Of course this sort of text is bound to trigger content-based spam filters, so creative spammers are using an HTML trick to hide lots of additional text. Recipients will see the message as shown above but spam filters will see large amounts of random text in a series of seemingly disconnected text boxes. This will theoretically make detecting the spam harder. A look at the HTML source reveals the series of text boxes created using the “textarea” tag.

Each textarea is defined as being one row high and one column wide effectively exposing only the 1st letter contained in each text box. Look at the email sample again – we will now expand the full text that follows the 6th letter:

The message on the second line (“See attachment and forwarded to relevant staff!!”) is therefore created using the first letters of several text boxes. Neat.

The spam outbreak includes Excel attachments describing higher education courses that may be covered by government grants (or that may be claimed without actual attendance). The screen below shows a portion of the (very) lengthy Excel sheet. The attachment does not contain any malware.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...