On Mon, 2004-11-08 at 15:29, John Hardin wrote:
>
>
> content="text/html; charset=windows-1251">
>
> vlink="#990099"
> alink="#99">
>
> Note the misquoted meta tag options.
>
> Pine *did* complain about non-hex QP strings in the message, though.
*penny drops* that's because
On Mon, 2004-11-08 at 14:54, Yackley, Matt wrote:
> Just a little more info, that content-type matches a message received
> here today, which appears to be a worm rather than a phishing attempt.
> The links will launch a download of a random named .exe file.
>
> According to Princeton University
> -Original Message-
> From: John Hardin [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 08, 2004 4:41 PM
> To: SpamAssassin list
> Subject: paypal phishing email with malformed MIME header
>
> Heads up, I just got a little flood of PayPal phishes with
> t
Heads up, I just got a little flood of PayPal phishes with the following
malformed MIME body-part header:
--=_NextPart_000_0005_01C4C5A0.D9652420
Content-Type: text/html; charset="iso-8859-2
Content-Transfer-Encoding: quoted-printable
Note the missing close quote on the Content-Type hea
