Printer Friendly

New reason to avoid 'unsubscribe' links.

We've always been told that trying to "opt-out" from spam messages is probably a bad idea. Spam filtering firm MessageLabs now says there's a new reason not to click--spammers are starting to sneak special code into that opt-out link which turns the spam recipient into an unwitting accomplice. The link is really a clever trick designed to turn the victim's computer into a zombie that can be used to send out more spam.

By using an unsubscribe link in an e-mail, not only are you saying this is a live e-mail address, you are also have the risk of downloading a Trojan that turns your computer into an open proxy for sending spam MessageLabs The company has trapped several thousand messages laced with the special code in recent weeks. Other variations of the attack place keystroke loggers on victims' computers enabling the spammer to collect personal information--including passwords and financial account data--from the victim. MessageLabs says now 72 percent of all e-mail flying around the Internet is actually spam.

For years, experts have debated the real-life effect of clicking on unsubscribe links usually found at the bottom of spam. The links are now required by federal law, but conventional wisdom suggests "opting out" often has the opposite effect, because it announces to the spammer that the e-mail address is accurate and active.

That theory was partially debunked in July 2002, when the Federal Trade Commission announced results of a comprehensive study on spam. It found replying to opt-out messages didn't increase the amount of spam received, and usually, the links were broken, or sent messages to dead e-mail accounts. And on occasion, replying to the opt-out link actually did work, and result in less spam.

But the MessageLabs announcement regarding opt-out links gives consumers a whole new reason to not trust anything found inside a spammer's message.

It's easy for programmers to write tricky e-mails that send users to unexpected Web sites. A message might have hyperlinked words reading "http://MSN.MSNBC.COM," for example, but hidden computer code could really send the recipient to an entirely different site.

That's what's happening with these new opt-out messages. In some cases, the link simply aims potential victims at an executable file--a Trojan horse program sitting in a hidden location on the Internet. In others, slightly more elaborate techniques are used to inject code onto a machine after it is directed to a Web site.
COPYRIGHT 2004 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Security
Publication:Software World
Geographic Code:1USA
Date:Nov 1, 2004
Previous Article:US tough anti-spyware bill.
Next Article:Quest 'InTrust' enhanced.

Related Articles
Industry braces for impact of layoffs.
Communicating e-ffectively. (Technology).
Three common mistakes in e-mail design. (Online Publishing).
The 411 on e-Mailing Lists.
Read all about it!
Microsoft sues seven sex spammers.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters