Users warned of spam risk

An email security firm is warning users to be wary of clicking on the opt-out link in spam emails.

Managed email security firm MessageLabs has warned that it has intercepted messages where clicking on the opt-out link in the spam emails turns PCs into an open proxy for distributing further spam.

"The new Drag-and-Drop JavaScript exploit uses an Internet Explorer bug to download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control," according to a statement from MessageLabs.

In the statement the company said its anti-spam service had blocked emails containing a 'click here to remove' link that "directed users toward a web page which triggers an attempt to download malicious code onto computers".

Michael Rosch, technical manager for MessageLabs Asia Pacific, told iTnews that he wasn't surprised about this latest threat. "A lot of viruses today use social engineering attachments with an enticing subject line," Rosch said.

Rosch said we were now seeing the convergence between spam and viruses, where a machine could get infected with an executable file that opened it up to a hacker who could potentially gain remote access to relay spam from that machine.

He estimated that 66 percent of all spam MessageLabs intercepted was sent via these open proxies. The potential of this threat, Rosch said, was that attackers could harness the processing power of these machines to focus an attack, for example a denial of service attack on a big name brand.

Rosch said the simplest piece of advice for people was simply not to click on the opt-out clause in spam email, suggesting that they deleted the message instead. He also said it was important to keep machines patched.

Alex Shipp, senior anti-virus technologist at MessageLabs, said that users should know that it isn't a good idea to press on the 'click here to remove' link on spam emails, because it confirmed to spammers that the email address was real.

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data," Shipp said.