Feeds

Click here to become infected (Part 2)

Double whammy spammy

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

New spam emails can turn vulnerable PCs into spam-spreading 'zombies'.

The spam has a link which purports to allow users to opt out of future emails. However, MessageLabs, an e-mail filtering company, warns that these links are part of a scam and, if clicked on, will turn a victim's PC into a conduit for the distribution of further spam. The bug uses a drag-and-drop JavaScript exploit in Internet Explorer to download a nasty .EXE file.

Messagelabs, which issued a similar warning about the problem more than a week ago, said today that it is still analysing the .EXE file, which is hosted on a suspicious website, but says users should know that the spammers behind the scam could change to a new site at any time by uploading a new Trojan. The site initially implicated in the spam was www. xcelent.biz (space inserted intentionally), which is no longer available.

"Users should already know that it is never a good idea to press the 'click here to remove' link on spam emails as it confirms to spammers that the email address is real," said Alex Shipp, MessageLabs' senior anti-virus technologist.

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run, while spammers are busy in the background stealing confidential data."

Indeed, the firm warns that users on infected PCs could have their passwords or other confidential information stolen.

© ENN

Related stories

Click here to become infected
US credit card firm fights DDoS attack
P-cube goes hunting for zombie PCs
Click here to become infected
Rise of the Botnets
Telenor takes down 'massive' botnet

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.