Business email security provider MessageLabs has issued a warning to Internet users not click on the "opt-out" link on spam emails, as the company said it had discovered yesterday a number of messages using this function to open a spam distribution point on the recipient's computer.
Dubbing it the "drag-and-drop jav*a*scr*pt exploit", MessageLabs said the scheme uses an Internet Explorer bug to "download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control".
MessageLabs said that by clicking on the "click here to remove" link the user is directed to a Web page that "triggers an attempt to download malicious code onto computers". The company adds that once spammers are loaded in the users PC they can upload new Trojans "at any time".
http://news.zdnet.co.uk/internet/sec...9169061,00.htm