New reason to avoid 'unsubscribe' links.
By using an unsubscribe link in an e-mail, not only are you saying this is a live e-mail address, you are also have the risk of downloading a Trojan that turns your computer into an open proxy for sending spam MessageLabs The company has trapped several thousand messages laced with the special code in recent weeks. Other variations of the attack place keystroke loggers on victims' computers enabling the spammer to collect personal information--including passwords and financial account data--from the victim. MessageLabs says now 72 percent of all e-mail flying around the Internet is actually spam.
For years, experts have debated the real-life effect of clicking on unsubscribe links usually found at the bottom of spam. The links are now required by federal law, but conventional wisdom suggests "opting out" often has the opposite effect, because it announces to the spammer that the e-mail address is accurate and active.
That theory was partially debunked in July 2002, when the Federal Trade Commission announced results of a comprehensive study on spam. It found replying to opt-out messages didn't increase the amount of spam received, and usually, the links were broken, or sent messages to dead e-mail accounts. And on occasion, replying to the opt-out link actually did work, and result in less spam.
But the MessageLabs announcement regarding opt-out links gives consumers a whole new reason to not trust anything found inside a spammer's message.
It's easy for programmers to write tricky e-mails that send users to unexpected Web sites. A message might have hyperlinked words reading "http://MSN.MSNBC.COM," for example, but hidden computer code could really send the recipient to an entirely different site.
That's what's happening with these new opt-out messages. In some cases, the link simply aims potential victims at an executable file--a Trojan horse program sitting in a hidden location on the Internet. In others, slightly more elaborate techniques are used to inject code onto a machine after it is directed to a Web site.
|Printer friendly Cite/link Email Feedback|
|Date:||Nov 1, 2004|
|Previous Article:||US tough anti-spyware bill.|
|Next Article:||Quest 'InTrust' enhanced.|