Unsubscribing from spam – still not a good idea

Today I ran across an interesting piece of spam. The ending contained an offer to unsubscribe by clicking “here”. Naturally, I clicked and landed on a web page (HTML) that supposedly checked my name against a database. The page then showed me the following message: “your address has been removed from the mailing list”.

Sounds reasonable, doesn’t it? But … the end of the HTML file contains Exploit.HTML.Mht, which uses the MHTML URL Processing Vulnerability to download malware: in my case it was Trojan-Dropper.Win32.Small.gr and Trojan-Spy.Win32.Banker.s.

Good reminder – never, ever unsubscribe from spam. At best you let the spammer know your address is live, and at worst you end up with an infected computer.

Read more:

Malware Evolution: January to March 2005
Microsoft Security Bulletin MS04-013
