SPAM Unsubscribe Links May Be Infectious….
Just in case you are still tempted to use the unsubscribe link offered in most SPAM….
This just posted on the Kaspersky Lab - Analyst’s Diary:

“Today I ran across an interesting piece of spam. The ending contained an offer to unsubscribe by clicking “here”. Naturally, I clicked and landed on a web page (HTML) that supposedly checked my name against a database[*]. The page then showed me the following message: “your address has been removed from the mailing list”.
Sounds reasonable, doesn’t it? But … the end of the HTML file contains Exploit.HTML.Mht which uses the MHTML URL Processing Vulnerability to download malware: in my case it was Trojan-Dropper.Win32.Small.gr and Trojan-Spy.Win32.Banker.s.
Good reminder - never, ever unsubscribe from spam. At best you let the spammer know your address is live, and at worst you end up with an infected computer.”
I covered SPAM a while ago and made it clear that using the unsubscribe links offered may actually ‘increase’ the amount of SPAM you get. Instead of removing you from their SPAM list you are in many cases proving that your address exists and that you actually read their SPAM, which makes you a more valuable spam target. Furthermore your details will almost certainly be sold on to other spammers.
Many unsubscribe links end up on pages driven by scripting languages such as PHP, VBScript and JavaScript, or by other CGI scripts. These can carry out all sorts of tasks, including running malicious code to infect your computer. As the example above shows, these pages may carry malicious content themselves or exploit vulnerabilities in your browser to download malware, spyware or adware on to your PC. You have been warned.
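The two risks described above (an unsubscribe click confirming that the address is live, and the landing page sitting on a domain unrelated to the sender) can both be spotted from the message itself without ever following the link. The following script is an added example, not code from the original post or from Kaspersky; the sample message, its addresses and hosts are constructed for illustration, and the list of trigger words is an assumption about typical spam footers. It parses an e-mail, collects links whose anchor text invites an unsubscribe or ‘click here’ action plus any URL in the List-Unsubscribe header, and reports whether each link points outside the sender’s domain and whether it carries the recipient’s address in the URL.

```python
"""Flag unsubscribe-style links in an e-mail without fetching them.

Added example (not from the original post or from Kaspersky). The message
below is constructed; every address and host in it is a placeholder.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Anchor texts that typically invite the click a spam footer wants (assumption).
TRIGGER_RE = re.compile(r"\b(unsubscribe|here|remove|opt[- ]?out)\b", re.I)

# Constructed sample spam: sender domain and unsubscribe hosts differ, and the
# body link embeds the recipient address so a click confirms it is live.
SAMPLE_SPAM = """\
From: "Promo Desk" <offers@example-offers.test>
To: victim@example.org
Subject: Special offer
List-Unsubscribe: <http://tracker.example.net/u?id=12345>
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Great deals inside!</p>
<p>To stop receiving these messages, click
<a href="http://remove.example.net/unsub.html?e=victim%40example.org">here</a>.</p>
<p><a href="http://example-offers.test/catalog">Browse catalog</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).split() and " ".join(" ".join(self._text).split())))
            self._href = None


def _domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(str(header_value or "")).__getitem__(1).rpartition("@")[2].lower()


def _finding(url, anchor_text, from_domain, recipient):
    host = (urlparse(url).hostname or "").lower()
    same_domain = bool(from_domain) and (host == from_domain or host.endswith("." + from_domain))
    return {
        "url": url,
        "anchor_text": anchor_text,
        "host": host,
        # Link leaves the sender's domain: the pattern the post warns about.
        "cross_domain": not same_domain,
        # Recipient address travels in the URL: the click confirms it is live.
        "embeds_recipient": bool(recipient) and recipient in unquote(url).lower(),
    }


def find_unsubscribe_links(raw_message):
    """Return findings for unsubscribe-style links, body links first, then header URLs."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = _domain_of(msg.get("From"))
    recipient = parseaddr(str(msg.get("To") or ""))[1].lower()
    findings = []

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            if href and TRIGGER_RE.search(text):
                findings.append(_finding(href, text, from_domain, recipient))

    for header in msg.get_all("List-Unsubscribe", []):
        for part in str(header).split(","):
            url = part.strip().strip("<>")
            if url.lower().startswith(("http://", "https://")):
                findings.append(_finding(url, "(List-Unsubscribe header)", from_domain, recipient))
    return findings


if __name__ == "__main__":
    for f in find_unsubscribe_links(SAMPLE_SPAM):
        print(f)
```

Run against the constructed message it reports two links, both on hosts outside the sender’s domain, and notes that the body link carries the recipient’s address; a mail filter could use the same two signals to quarantine or annotate such messages rather than leaving the decision to the user.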
And before anyone mentions the CAN-SPAM act [again]…
Sorry, but the CAN-SPAM act is a joke, it doesn’t work and is only enforceable in the US; over 40% of SPAM originates outside the US. Also, most spam [70% World-wide] is now sent through botnets, so the spammer [be they US based or not] doesn’t care about the legal ramifications as they are already breaking the law.
In reality since the CAN-SPAM act was passed SPAM levels from the US actually went up!
[*] Please don’t try this at home, Aleks is a virus researcher for Kaspersky and he almost certainly wasn’t trying to really unsubscribe but to actually see what happened when he tried to. Furthermore this was almost certainly attempted with a dummy account rather than his ‘real’ e-mail address.
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.

