Spam Opt-out Link Triggers Malicious Code Attack

Maestro4k writes "The Register is reporting on a new spam E-mail circulating out there. In it, clicking on the 'Click here to remove' link launches a site, that when the user scrolls the page, triggers a drag-drop javascript exploit. Scarily the E-mail actually complies with the CAN-SPAM act as it only requires spammers to put an opt-out link in their mailings. As The Reg says "It comes as little surprise that this feature is been taken advantage of in a social engineering exploit; but it does illustrate the security problems of the opt-out approach that were always apparent to security experts - and ignored by legislators." The link in questions points to www. xcelent.biz (As in The Reg story, space intentionally included) so even if you can't block the mail yet it should be easy to block access to the site with the exploit. I suspect this is just the beginning and most spam will include "features" such as this in the near future."

YARTNUIE

[Ghengis]

Yet
Another
Reason
To
Not
Use
Internet
Expl orer.

Domain information

[Pig+Hogger]

Here is the domain registration information.

since they use YAHOO e-mail address for registration, they are worthy of being disconnected upon complaining to YAHOO.

Hint: complain to yahoo with the subject line: "[UNAUTHORIZED COMMERCIAL USE] win2save@yahoo.com" so they can see it quicker.

Domain Name XCELENT.BIZ
Domain ID D7752456-BIZ
Sponsoring Registrar CSL COMPUTER SERVICE (D.B.A. JOKER.COM)
Sponsoring Registrar IANA ID 113
Domain Status clientTransferProhibited
Registrant ID CNEU-105661
Registrant Name Anandan Krishan
Registrant Organization Iscon & Krishan
Registrant Address1 Suite 50-12
Registrant Address2 Jalan Yap Kwan Seng.
Registrant City Kuala Lumpur
Registrant State/Province KL
Registrant Postal Code 50450
Registrant Country Malaysia
Registrant Country Code MY
Registrant Phone Number +603.27756842
Registrant Facsimile Number +603.27756642
Registrant Email win2save@yahoo.com
Administrative Contact ID CNEU-105617
Administrative Contact Name Anandan Krishan
Administrative Contact Organization Iscon & Krishan
Administrative Contact Address1 Suite 50-12
Administrative Contact Address2 Jalan Yap Kwan Seng.
Administrative Contact City Kuala Lumpur
Administrative Contact State/Province KL
Administrative Contact Postal Code 50450
Administrative Contact Country Malaysia
Administrative Contact Country Code MY
Administrative Contact Phone Number +603.27756842
Administrative Contact Facsimile Number +603.27756642
Administrative Contact Email win2save@yahoo.com
Billing Contact ID CNEU-105617
Billing Contact Name Anandan Krishan
Billing Contact Organization Iscon & Krishan
Billing Contact Address1 Suite 50-12
Billing Contact Address2 Jalan Yap Kwan Seng.
Billing Contact City Kuala Lumpur
Billing Contact State/Province KL
Billing Contact Postal Code 50450
Billing Contact Country Malaysia
Billing Contact Country Code MY
Billing Contact Phone Number +603.27756842
Billing Contact Facsimile Number +603.27756642
Billing Contact Email win2save@yahoo.com
Technical Contact ID CNEU-105617
Technical Contact Name Anandan Krishan
Technical Contact Organization Iscon & Krishan
Technical Contact Address1 Suite 50-12
Technical Contact Address2 Jalan Yap Kwan Seng.
Technical Contact City Kuala Lumpur
Technical Contact State/Province KL
Technical Contact Postal Code 50450
Technical Contact Country Malaysia
Technical Contact Country Code MY
Technical Contact Phone Number +603.27756842
Technical Contact Facsimile Number +603.27756642
Technical Contact Email win2save@yahoo.com
Name Server NS1.GRAITHBOADER.BIZ
Name Server NS2.GRAITHBOADER.BIZ
Name Server NS2.TIKONDES.BIZ
Created by Registrar CSL COMPUTER SERVICE (D.B.A. JOKER.COM)
Last Updated by Registrar CSL COMPUTER SERVICE (D.B.A. JOKER.COM)
Domain Registration Date Wed Sep 15 03:53:27 GMT 2004
Domain Expiration Date Wed Sep 14 23:59:59 GMT 2005
Domain Last Updated Date Wed Sep 15 04:03:16 GMT 2004