New reason to avoid 'unsubscribe' links: clicking could turn you into a spammer, too
08 October 2004
We've always been told that trying to "opt-out" from spam messages is probably a bad idea.
CITEC’s security solutions partner MessageLabs now says there's a new reason not to click: spammers are starting to sneak special code into that opt-out link, turning the spam recipient into an unwitting accomplice.
The link is really a clever trick designed to turn the victim's computer into a zombie that can be used to send out more spam.
"By using an unsubscribe link in an e-mail, not only are you saying this is a live e-mail address, you also have the risk of downloading a Trojan that turns your computer into an open proxy for sending spam," said Brian Czarny, MessageLabs spokesman.
The company has trapped several thousand messages laced with the special code in recent weeks, Czarny said.
Other variations of the attack place keystroke loggers on victims' computers, he said, enabling the spammer to collect personal information - including passwords and financial account data - from the victim.
Spam continues to be an incredible nuisance for Internet users. MessageLabs says 72% of all e-mail flying around the Internet is actually spam.
The MessageLabs announcement regarding opt-out links gives consumers a whole new reason to not trust anything found inside a spammer's message.
It's easy for programmers to write tricky e-mails that send users to unexpected websites. A message might have hyperlinked words reading: "http://msn.msnbc.com," for example, but hidden computer code could really send the recipient to an entirely different site.
"That's what's happening with these new opt-out messages," Czarny said.
In some cases, the link simply aims potential victims at an executable file -- a Trojan horse program sitting in a hidden location on the Internet. In others, slightly more elaborate techniques are used to inject code onto a machine after it is directed to a website.
"And there are definitely more complex versions of this we're starting to see," he said.
Either way, high security settings in Web browsers will protect most consumers from downloading unwanted software; updated anti-virus software and firewalls can help, too. But the only sure-fire protection is to delete the spam right away.
About MessageLabs
MessageLabs is the leading provider of managed email security services to businesses based on market share, according to the Yankee Group Security Solutions & Services, February 2004 Report. The company offers industry-leading managed Anti-Virus, Anti-Spam, Image Control and Content Control services to more than 8,500 businesses around the world to combat email threats before they reach corporate networks and without the need for additional hardware or software. For more information on MessageLabs, please visit www.messagelabs.com.