Spammers target 'opt-out' link

Business e-mail security provider, MessageLabs, has issued a warning to Internet users not click on the "opt-out" link on spam e-mails, as the company said it had discovered yesterday a number of messages using this function to open a spam distribution point on the recipient's computer.

Business e-mail security provider, MessageLabs, has issued a warning to Internet users not click on the "opt-out" link on spam e-mails, as the company said it had discovered yesterday a number of messages using this function to open a spam distribution point on the recipient's computer.

Dubbing it the "drag-and-drop javascript exploit", MessageLabs said the scheme uses an Internet Explorer bug to "download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control".

MessageLabs said that by clicking on the "click here to remove" link the user is directed to a Web page that "triggers an attempt to download malicious code onto computers". The company adds that once spammers are loaded in the users PC they can upload new Trojans "at any time".

Senior anti-virus technologist for MessageLabs, Alex Shipp, said "users should already know that it is never a good idea to press the 'click here to remove' link on spam e-mails as it confirms to spammers that the e-mail address is real".

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data," he said.