Original URL: http://www.theregister.co.uk/2004/10/05/messagelabs_spam_warning/

Click here to become infected (Part 2)

Double whammy spammy

By ElectricNews.net

Posted in Security, 5th October 2004 20:14 GMT

New spam emails can turn vulnerable PCs into spam-spreading 'zombies'.

The spam has a link which purports to allow users to opt out of future emails. However, MessageLabs, an e-mail filtering company, warns that these links are part of a scam and, if clicked on, will turn a victim's PC into a conduit for the distribution of further spam. The bug uses a drag-and-drop JavaScript exploit in Internet Explorer to download a nasty .EXE file.

Messagelabs, which issued a similar warning about the problem more than a week ago, said today that it is still analysing the .EXE file, which is hosted on a suspicious website, but says users should know that the spammers behind the scam could change to a new site at any time by uploading a new Trojan. The site initially implicated in the spam was www. xcelent.biz (space inserted intentionally), which is no longer available.

"Users should already know that it is never a good idea to press the 'click here to remove' link on spam emails as it confirms to spammers that the email address is real," said Alex Shipp, MessageLabs' senior anti-virus technologist.

"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run, while spammers are busy in the background stealing confidential data."

Indeed, the firm warns that users on infected PCs could have their passwords or other confidential information stolen.

© ENN

Related stories

Click here to become infected
US credit card firm fights DDoS attack
P-cube goes hunting for zombie PCs
Click here to become infected
Rise of the Botnets
Telenor takes down 'massive' botnet