Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscation Variant Weakness

info
discussion
exploit
solution
references

Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscation Variant Weakness

It is reported that this issue is being actively exploited in the wild by malcode (MCID 2944); observed links that are spammed to users are as follows:

http://drs.yahoo.com/example.com/NEWS/*http://slashdot.org/#http://drs.yahoo.com/www.example.com/NEWS

http://drs.yahoo.com/www.example.com/NEWS/*http://www.security-warning.biz/personal6/maljo24/www.YAHOO.com/#http://drs.yahoo.com/mail.tju.edu/NEWS