“Click Here To Remove” Trojan Turns Pcs Into Spammers’ Dream

London, 5th October 2004 – MessageLabs, the leading provider of managed email security services to businesses, is today urging global email users not to click on the opt-out link on spam emails as it has intercepted a number of messages using this feature to turn PCs into open proxies for distributing further spam.

The new Drag-and-Drop JavaScript exploit uses an Internet Explorer bug to download an EXE file when the mouse is scrolled across the malicious domain page, allowing the machine to be turned into an open proxy that spammers can control.

MessageLabs’ Anti-Spam Service has blocked several emails containing a “click here to remove’ link that directs users toward a web page which triggers an attempt to download malicious code onto computers.

MessageLabs is analysing the EXE file hosted on the web site but alerts users to the fact that once loaded, spammers can change it at any time by uploading a new Trojan. Machines are then vulnerable to having passwords stolen and keyloggers installed, as well as becoming an open proxy.

In September, MessageLabs scanned more than 1.45 billion emails worldwide for spam, of which over 1.05 billion or 72.14% (1 in 1.39) were stopped as spam (404.68 per second).

Alex Shipp, MessageLabs’ Senior Anti-Virus Technologist, explains:

“Users should already know that it is never a good idea to press the ‘click here to remove’ link on spam emails as it confirms to spammers that the email address is real. This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data.”

During September, MessageLabs also scanned over 1.78 billion emails for viruses, Trojans and other malicious content, and more than 86 million or 4.83% (1 in 20.69) were intercepted (33.27 per second).

MessageLabs discovered the use of this new technique as part of their analysis of the 70 million emails a day scanned on behalf of its 9,000 customers.

About MessageLabs
MessageLabs is the leading provider of managed email security services to businesses based on market shares or revenue according to the Yankee Group Security Solutions & Services, February 2004 Report. The company currently offers industry-leading protection to more than 9,000 businesses around the world from email threats such as viruses, spam and other unwanted content before they reach their networks and without the need for additional hardware or software. Powered by a global network of control towers that currently spans 13 data centres in the United States, the United Kingdom, Germany, the Netherlands, Australia and Hong Kong, MessageLabs scans millions of emails a day on behalf of customers such as The British Government, The Bank of New York, Bertelsmann, Bic, CSC, Conde Nast Publications, EMI Music, Diageo, Orange, Random House, SC Johnson and StorageTek. The company has more than 600 channel partners, including BT, Cable & Wireless, CSC, IBM, MCI and Unisys. The information relating to MessageLabs’ services contained in this news release is based on data generated internally by MessageLabs and has not been subject to an independent review by a third party. For more information on MessageLabs and its industry-leading email security and management services, please visit www.messagelabs.com.