I recently received an html encoded spam email, purporting to be for a spyware remover. It has all the classic hallmarks of bogus-ness i.e. scaremongering text, poor grammer, spoofed addy etc.
What I am interested in is what would happen if I was dumb enough to click the Removal Instructions link, as my html is a little shakey.
Viewing the source I noticed that almost everything between <body> and </body> is one big link to a suspicious website. Within that link is the following:
When the mouse pointer is over that link it shows up in the status line as the temporary file that Eudora stored the message in, with a ‘#’ symbol appended. So, what would happen?
The “#” is a reference to the page you are currently on. More specifically it’s part of the way to define a certain segment of the page to link to. A blank one like you have will just refresh the page.
The onclick=“return false” should do nothing. If there was another javascript in there, the “return false” would tell the script NOT to follow the original link, contained in the href statement.
If it was replaced with “return true” the “#” link should be activated.
would run the Javascript function “doSomethingJavascripty”, then cancel. While return true would run the same javascript function, and then proceed to “this.html”.
It’s entirely possible that there was some extra script at the top that would trap the “#” flag on the page name, and act accordingly, but I cannot be sure without seeing the actual code.