Spammers exploit ‘click here to remove’ Trojan

Spammers are taking advantage of a newly discovered drag-and-drop JavaScript exploit that uses an Internet Explorer bug to download malicious .exe files when a mouse is scrolled across a specially coded domain page.

According to corporate email security firm MessageLabs, spammers have started to incorporate this exploit into unsolicited email hidden behind "click here to remove yourself from this mailing list" links.

Users falling victim to the exploit and clicking on the maliciously coded link risk allowing their machines to be turned into open proxies for distributing further spam under the spammer's control.

MessageLabs' Anti-Spam Service warned it has blocked multiple emails containing this "click here to remove" link, which directs users toward a web page that triggers an attempt to download malicious code onto the user's computer.

The security firm said it is analysing the .exe file hosted on the website, but went on to alert users that once PCs are compromised, spammers can change the code at any time by uploading a new Trojan. Such compromised machines are then vulnerable to having passwords stolen and keyloggers installed, as well as becoming open proxies.

Alex Shipp, MessageLabs' senior antivirus technologist, said: "Users should already know that it is never a good idea to press the 'click here to remove' link on spam emails as it confirms to spammers that the email address is real.

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data."



