Spam and Viruses: Unholy Matrimony, Part 2: Page 2
How to Find Malicious Code
Studying a spam or virus message in plain text is a fascinating exercise in misplaced ingenuity. (If only that energy were devoted to good and useful activities!) Be sure to read suspect HTML messages in plain text only! A rich source of spam messages to study is the Usenet group news.admin.net-abuse.sightings.
A person can spend a lot of time looking for Web Bugs, as they are sneaky little buggers. Here's one example from The Privacy Foundation:
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp? vid=3&catid=370153037&email=SMITHS %40tiac.net" alt=" "><IMG SRC= "http://email.bn.com/cgi-bin/flosensing? x=ABYoAEhouX">
Making matters worse, if you happen to enter personally identifiable information on any of the co-conspirator sites, all of them will be able to link your activities to your name. There is some debate about whether Web bugs are evil, but anything that is so sneaky is highly suspect to me. I've yet to see any disclosure on sites that use these, and of course spammers aren't going to say anything.
Decoding Malicious HTML
Much of what you see is an attempt to evade spam filters by breaking up key words with HTML tags and comments. Newer spam filters are not fooled.