1

Recently, I've been receiving emails from JP MORGAN CHASE that are blatant phishing attempts. Out of curiosity I have opened them a few times, and they're just completely full of absolute junk characters; lots of symbols, essentially akin to WingDings from Microsoft Word. On my desktop computer, Mozilla's Thunderbird seemed to open the email without any issue, but the Outlook mobile app on my S20 seemed to hang significantly on this email, and thankfully I was able to close the app. There don't seem to be any ill effects from opening it, either on my desktop or my phone, but my question is:

Can a spam email full of junk symbols and characters be problematic for certain devices? Is it an attempt to phish or to brick a device?

nightsurfer
  • Looks like some reverse engineering is needed to decode or understand what that payload is; you can post on https://reverseengineering.stackexchange.com/ and see if somebody can help you. – camp0 Dec 03 '20 at 21:23

1 Answer

3

It's probably an encoding or rendering error by the sending software and/or (less likely) your mail delivery infrastructure or mail client. It would be helpful to see the Content-Type and Content-Encoding headers and MIME headers to see how the sending software specified your client should read the message.

It's always possible that it's just nonsense spam, sent to distract spam filters and harm their accuracy so that spam with real payloads can be delivered later (see also Hash busters and Bayesian poisoning), but it's more likely that the attacker messed up the encoding.

Remember that lots of spam comes from botnets, meaning the message content needs to sneak through anti-virus, then decrypt/decompress, then spew out into the world. There are lots of places that could have gone wrong.

The likelihood that this content could itself be harmful to your computer is close to zero. There could be some odd 0-day that it takes advantage of, but not that I've heard of (that would be huge).

Adam Katz
  • 1
    Solid info! Do you have any insight as to whether it would harm a mobile device? I've seen semi-recent stories of iPhones and Android devices getting bricked or forced to restart by strange characters, hell, even certain image file-formats/pixels. – nightsurfer Dec 03 '20 at 22:34
  • 1
    I've heard that about messaging applications, but never email clients. This is outside my infosec expertise, but I imagine that's because messaging apps have to reinvent the wheel while email is tried and true (and ASCII-only, with various time-tested encoding tricks like [RFC 2047](https://tools.ietf.org/html/rfc2047) to facilitate other character sets) and therefore it's quite implausible that an attack could trick an email app with a surprise null byte or escape sequence. – Adam Katz Dec 03 '20 at 22:45
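
The header check the answer asks for can be done offline on a saved copy of the message. The following is an added example, not part of the original thread: it reads each text part's declared charset and transfer encoding and tests whether the body bytes really decode that way. The function name `inspect_parts` and both sample messages are constructed for illustration.

```python
import base64
import email
from email import policy

def inspect_parts(raw: bytes):
    """Report, per text/* MIME part, what the sender declared and whether the body matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reports = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "us-ascii"  # MIME default when absent
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        body = part.get_payload(decode=True) or b""  # undoes base64/quoted-printable only
        try:
            body.decode(charset)
            decodes = True
        except (UnicodeDecodeError, LookupError):  # wrong bytes or unknown charset name
            decodes = False
        # Fall back to latin-1 (never fails) so the junk can still be measured.
        text = body.decode(charset if decodes else "latin-1", errors="replace")
        odd = sum(1 for ch in text if not (ch.isprintable() or ch in "\r\n\t"))
        reports.append({
            "content_type": part.get_content_type(),
            "charset": charset,
            "cte": cte,
            "decodes_as_declared": decodes,
            "odd_ratio": odd / len(text) if text else 0.0,
        })
    return reports

# Constructed sample: headers and body agree.
GOOD = (b"From: a@example.test\r\nSubject: ok\r\nMIME-Version: 1.0\r\n"
        b"Content-Type: text/plain; charset=utf-8\r\n"
        b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
        b"Caf=C3=A9 statement ready.\r\n")

# Constructed sample: declares UTF-8, but the base64 body holds bytes that are not valid UTF-8.
BAD = (b"From: b@example.test\r\nSubject: junk\r\nMIME-Version: 1.0\r\n"
       b"Content-Type: text/html; charset=utf-8\r\n"
       b"Content-Transfer-Encoding: base64\r\n\r\n"
       + base64.b64encode(bytes(range(0x80, 0xC0))) + b"\r\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, inspect_parts(raw))
```

A part with `decodes_as_declared` false or a high `odd_ratio` is consistent with a sender-side encoding mistake; run it on the raw source saved from the mail client (for example a `.eml` file read in binary mode).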