Slashdot Mirror


Spam Opt-out Link Triggers Malicious Code Attack

Maestro4k writes "The Register is reporting on a new spam E-mail circulating out there. In it, clicking on the 'Click here to remove' link launches a site that, when the user scrolls the page, triggers a drag-drop JavaScript exploit. Scarily, the E-mail actually complies with the CAN-SPAM Act as it only requires spammers to put an opt-out link in their mailings. As The Reg says, "It comes as little surprise that this feature is being taken advantage of in a social engineering exploit; but it does illustrate the security problems of the opt-out approach that were always apparent to security experts - and ignored by legislators." The link in question points to www. xcelent.biz (as in The Reg story, space intentionally included), so even if you can't block the mail yet, it should be easy to block access to the site with the exploit. I suspect this is just the beginning and most spam will include "features" such as this in the near future."

1 of 327 comments

  1. You idiots by Anonymous Coward · Score: -1, Flamebait

    What if the spam link was designed to flood a legitimate website?

    If I don't like my ex, how about I create a spam that points to her business or e-mail address?

    Then you crusaders will hack into her business, destroy her e-mail address, maybe even hunt her down believing she is evil (yes I'd like that).

    But the point is you were suckered into doing my bidding. And you didn't know for sure if the listed address was indeed from the person who annoyed you in the first place.

    I might as well call you guys Bush!