Never Click ANYTHING In A Spam E-mail (Scroll-bar Exploit Description)
Why the user should never click on the opt-out link in SPAM.
The majority of spam messages contain a link that says something like the following:
“Click Here to Be Removed From the List”
“Click Here to Opt-out of More Email”
“Click Here if you Don’t Wish to Receive More Email from US”
These are all lies. Yes, lies. By clicking on any of these, you send a message to the spammer’s server which says that your email is valid. You have just proven to the spammer that your email address works. If nothing else, the spammer can now sell your email address to other spammers because he/she has proven that there is a real person behind your email address.
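As an added example (not part of the original post), here is a mail-filter check a defender could run: it flags opt-out links whose URL carries the recipient's own address, plain or base64-encoded, which is one way a single click tells the sender's server exactly which address is live. The function names, the sample hosts and the set of encodings checked are assumptions made for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote

# Phrases from the opt-out links quoted in the post, plus "unsubscribe".
OPT_OUT_WORDS = ("removed from the list", "opt-out", "opt out",
                 "don't wish to receive", "unsubscribe")

# Constructed sample body; hosts and address are placeholders.
SAMPLE_HTML = """<p>Great deals! <a href="http://shop.example/sale">Buy now</a></p>
<a href="http://mail.example/r?u=jane%40example.com">Click Here to Opt-out of More Email</a>
<a href="http://mail.example/remove">Click Here to Be Removed From the List</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text)))
            self.href = None

def address_markers(recipient):
    """Encodings under which an address may sit in a link (assumed set)."""
    addr = recipient.strip().lower().encode()
    return {"plain": addr.decode(),
            "base64": base64.b64encode(addr).decode().rstrip("=")}

def flag_opt_out_links(html_body, recipient):
    """Return (href, encoding) for opt-out links that identify the recipient."""
    collector = LinkCollector()
    collector.feed(html_body)
    markers = address_markers(recipient)
    hits = []
    for href, text in collector.links:
        label = text.lower().replace("\u2019", "'")  # normalise curly apostrophe
        if not any(word in label for word in OPT_OUT_WORDS):
            continue
        url = unquote(href)  # undo %40 and similar escapes before matching
        found = next((n for n, m in markers.items() if m in url or m in url.lower()), None)
        if found:
            hits.append((href, found))
    return hits
```

A link that comes back unflagged is not thereby safe: the sender can use an opaque per-recipient ID that maps to the address only on their server.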
That’s the old reason not to click on those links. Here is the new, worse reason. Clicking on this link exposes you to an Internet Explorer exploit that allows trojans/spyware to be installed on your system… without you knowing it.
Here is the original article about this:
http://www.theregister.co.uk/2004/09/22/opt-out_exploit/
Here’s the CERT information on the exploit:
http://www.kb.cert.org/vuls/id/526089
Here’s a proof-of-concept site to see if your system is open to this exploit:
http://www.mikx.de/scrollbar/





