'Click here to remove' link causes infection

By Derek Sooman on September 22, 2004, 9:42 AM
Its been strongly advised to e-mail users for some time not to click on any links that say 'click here to remove' when sent spam, as these links will not generally remove you from a spam mailing list. More likely, they will alert any interested parties that there is in fact a human being reading the garbage. So clicking these links was never recommended - it generally invited more spam as opposed to helping you to cut it down.

But a new junk mail message that could be on its way to a mailbox near you goes one over on this. Selecting the 'click here to remove' link on messages blocked by MessageLabs today triggers an attempt to load malicious code onto potentially vulnerable Windows PCs. Now that is nasty. You will want to read more about this, here.




User Comments: 6

Got something to say? Post a comment
Godataloss said:
The credit card processor for our website is currently under a ddos attack- can't process orders-cant check the books- this is freaking rediculous. I'm not saying I'm the sharpest tool in the shed, but its getting to the point where your IP should be forced to have a potential customer exhibit a basic knowledge of how to avoid turning their computers into spamfactories and the like BEFORE they are allowed to blunder their way onto the internet. This is the kind of action I want from congress- not a silly opt-out clause that only proved to be another avenue of exploitation! As more and more broadband connections come online and computers get faster and faster, its going to require fewer machines to cause the same kind of havoc. Something has to be done. Perhaps a TS academy for all potential surfers?;)
Phantasm66 said:
That's the problem, really. Computers are getting too powerful for people. Maybe, in the future, everyone will have to understand much more about computers than they do now, just to get by.
Unregistered said:
ye there have been alot of ddos attacks latly there was a realy long one on criten.net irc network and quite a few other networks
oceanview said:
How can you lay blame on the average user? Are they the one's who created the virus? I don't think so. Maybe we need to focus our energies on the POPUPS with never ending screens which "trick" users into creating the problem. And, maybe we need to have the ISP take more responsibilty for what is being sent /received. Surely if compaines have tools to quarantine suspect files the ISP's can play their part as well.I'm not a "super user", but many users are so overwhelmed that they unknowingly trigger the problem.We need more of the experienced users, PC vendors & the media to educate users with simple Do's & Dont's. Not writing "technojargon" that joe public will have trouble understanding.In other words, lets work together to control the problem, as it's not going away.Just my 2 1/2 cents.....Thanks...
Masque said:
Holding ISP's responsible isn't an answer....they're only providing the pipe. What needs to happen (as you've stated) is education for the newbies. How about the first time a new system is booted, the user is relegated to reading some simple, straight-forward information on internet responsibility including the use of virus scanners, firewalls and such before they're even allowed to use TCP/IP?This would at the very least open some eyes.Just my $.02
PlayfullyEvil said:
I agree with both oceanview & Masque's posts; in that, indeed it comes down to educating newbies. Nevertheless, ISPs assisting in some way does help matters somewhat. It's not to say we should hold them accountable for spam; but as much help as they can possibly give would be greatly appreciated, I'm sure.My current ISP is Rogers and their joint Rogers/Yahoo mail service has helped a little bit. Ultimately, it comes down to the end user whether to delete or read the "[Bulk]" mails as filtered by their server(s). Sadly, there isn't a 'bounce' feature in their filter. Nonetheless, both aforementioned posters make valid points on this subject.I guess one of the things Microsoft can do with Windows XP SP2's "Security Centre" is to deny access to the Internet unless the user has an anti-virus and/or firewall application of some sort. This as a safeguard to users from possible malicious attacks? Have it set to a 5 or 7-day grace period whereby the user must update their anti-virus definitions or firewall signatures, else be permanantly locked out of the Internet until it is updated or re-installed? I don't know of any suggestions for other Windows OSes, but seeing as MS products are a constant target for virus & trojans, I can only comment on Micro$oft's offerings.Just my 0.000005 cents worth.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.