Select Page

Cyren Security Blog

Creative Chinese spam hides inside resized HTML textarea tags

You’ll have to take our word for it – the text below comes from Chinese spam. The text asks recipients to view the attached Excel sheet and forward it on to any relevant staff.

Of course this sort of text is bound to trigger content-based spam filters, so creative spammers are using an HTML trick to hide lots of additional text. Recipients will see the message as shown above but spam filters will see large amounts of random text in a series of seemingly disconnected text boxes. This will theoretically make detecting the spam harder. A look at the HTML source reveals the series of text boxes created using the “textarea” tag.

Each textarea is defined as being one row high and one column wide effectively exposing only the 1st letter contained in each text box. Look at the email sample again – we will now expand the full text that follows the 6th letter:

The message on the second line (“See attachment and forwarded to relevant staff!!”) is therefore created using the first letters of several text boxes. Neat.

The spam outbreak includes Excel attachments describing higher education courses that may be covered by government grants (or that may be claimed without actual attendance). The screen below shows a portion of the (very) lengthy Excel sheet. The attachment does not contain any malware.

You might also like

Square Enix Phishing Campaign

From July 20 until August 16, 2021, Cyren observed a significant increase in the number of Square Enix phishing URLs. The campaign coincided with 14 days of free play announced by Square Enix on July 12, 2021. During this period, we detected a total of 47,076 URLs for...