Spammers use 'opt-out' to install Trojan

Business email security provider MessageLabs has issued a warning to Internet users not click on the "opt-out" link on spam emails, as the company said it had discovered yesterday a number of messages using this function to open a spam distribution point on the recipient's computer.

Dubbing it the "drag-and-drop javascript exploit", MessageLabs said the scheme uses an Internet Explorer bug to "download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control".

MessageLabs said that by clicking on the "click here to remove" link the user is directed to a Web page that "triggers an attempt to download malicious code onto computers". The company adds that once spammers are loaded in the users PC they can upload new Trojans "at any time".

Senior antivirus technologist for MessageLabs, Alex Shipp, said "users should already know that it is never a good idea to press the 'click here to remove' link on spam emails as it confirms to spammers that the email address is real".

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data," he said.

ZDNet Australia's staff reported from Sydney. For more coverage from ZDNet Australia, click here.