Ignore the smallprint

TA!Smallprint!HTML

  09 September 2011

Description

Mixes very big and very small letters: the big letters contain the actual message, while the small ones are likely to be ignored by the reader. See also Whiter Shade of Pale.

Submitted by Natalia Zablotskaya (Kaspersky Labs); more at this SecureList blog post.

Example

<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">C</span></font>
<font style="FONT-FAMILY: garamond,serif" size="1">xaaabbbb </font>
<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">H</span></font>
<font style="FONT-FAMILY: garamond,serif" size="1">deeeffff </font>
<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">E</span></font>
<font style="FONT-FAMILY: garamond,serif" size="1">hhhhiiij </font>
<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">A</span></font>
<font style="FONT-FAMILY: garamond,serif" size="1">kkllllmm </font>
<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">P</span></font>
<font style="FONT-FAMILY: garamond,serif" size="1">mnnnnooo </font><br/>

Looks like:

Cxaaabbbb Hdeeeffff Ehhhhiiij Akkllllmm Pmnnnnooo
Prrrsssss Htttuuuvv Avvvwwwwx Raabbbbbb Mccddddee Affgggghh Chhiiiijj Ykkkkklll

The text as seen in spam emails was a link to a website vulnerable to SQL injection. However, nothing is pulled out of a database; instead, using a SELECT query, code is inserted that causes the user to be redirected to a pharmacy website.
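A filter can recover the message the reader actually sees by grouping text runs by the font size in effect. The sketch below is an added example, not part of the original entry: it rebuilds the markup shown above and flags bodies where several one- or two-character large runs are outweighed by small-size filler. The names `FontRuns` and `detect_smallprint` and the thresholds `big`, `small` and `min_letters` are assumptions chosen for illustration.

```python
from html.parser import HTMLParser

# The entry's example markup, rebuilt inline so the block runs offline.
BIG = '<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">%s</span></font>\n'
SMALL = '<font style="FONT-FAMILY: garamond,serif" size="1">%s </font>\n'
FILLER = ["xaaabbbb", "deeeffff", "hhhhiiij", "kkllllmm", "mnnnnooo"]
SAMPLE = "".join(BIG % b + SMALL % s for b, s in zip("CHEAP", FILLER))
DEFAULT_SIZE = 3  # size a browser uses when no <font size> is set

class FontRuns(HTMLParser):
    """Record each visible text run with the <font size> in effect."""
    def __init__(self):
        super().__init__()
        self.stack = []  # (tag, effective size) for every open element
        self.runs = []   # (size, text) in document order

    def current(self):
        return self.stack[-1][1] if self.stack else DEFAULT_SIZE

    def handle_starttag(self, tag, attrs):
        size = self.current()  # children inherit the enclosing size
        raw = dict(attrs).get("size") or ""
        if tag == "font" and raw.isdigit():
            size = int(raw)
        self.stack.append((tag, size))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:  # also drops unclosed children
                del self.stack[i:]
                break

    def handle_data(self, data):
        if data.strip():
            self.runs.append((self.current(), data.strip()))

def detect_smallprint(html, big=5, small=2, min_letters=3):
    """Return (suspicious, message spelled by the large letters)."""
    parser = FontRuns()
    parser.feed(html)
    parser.close()
    big_runs = [t for s, t in parser.runs if s >= big]
    filler = sum(len(t) for s, t in parser.runs if s <= small)
    message = "".join(big_runs)
    suspicious = (len(big_runs) >= min_letters            # several big runs
                  and all(len(t) <= 2 for t in big_runs)  # each a letter or two
                  and filler > len(message))              # drowned in small text
    return suspicious, message
```

The recovered message, rather than the raw body text, is what keyword or URL rules should then be run against.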

