Unsubscribing from spam – still not a good idea

Today I ran across an interesting piece of spam. The ending contained an offer to unsubscribe by clicking “here”. Naturally, I clicked and landed on a web page (HTML) that supposedly checked my name against a database. The page then showed me the following message: “your address has been removed from the mailing list”.

Sounds reasonable, doesn’t it? But … the end of the HTML file contains Exploit.HTML.Mht which uses the MHTML URL Processing Vulnerability to download malware: in my case it was Trojan-Dropper.Win32.Small.gr and Trojan-Spy.Win32.Banker.s.

Good reminder – never, ever unsubscribe from spam. At best you let the spammer know your address is live, and at worst you end up with an infected computer.

Read more:

Malware Evolution: January to March 2005
Microsoft Security Bulletin MS04-013

Unsubscribing from spam – still not a good idea

Your email address will not be published.



Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox