Click here to become infected
Evidence of a junk/spam e-mail making the rounds today shows a new way to get yourself infected with a Trojan or backdoor.
Quote:
Selecting the 'click here to remove' link on messages blocked by MessageLabs today triggers an attempt to load malicious code onto potentially vulnerable Windows PCs.
Quote:
"I have not finished analysing the EXE currently hosted (currently called windows-update.exe), but the spammers can change this at any time by uploading a new Trojan. Typically, your machine may be turned into an open proxy, have passwords extracted, and keyloggers installed."
I have set up a "Drop Dead" rule on my firewall to block the site named in the article; you may want to do the same.
Are we having fun yet? :rolleyes:
Cheers:
Re: Click here to become infected
Quote:
Originally posted here by DjM
Are we having fun yet?
Fun is to be had every day in this line of work! :D
Seriously, this is another reason why I inform anyone who asks to NEVER use the 'Click here to remove me' link. Yes, in some cases this is a legitimate way to end spam from certain companies - however, I tend to sneak towards the side of caution, so I never click those - they could end up doing just the opposite, which is what the article alludes to.
Thanks for the heads up, I'm off to block that domain now..
Re: Re: Click here to become infected
Quote:
Originally posted here by Tiger Shark
I have blocked it too but the problem I can see is that with each new email they can switch domains so we're fighting a losing battle here.
And that's why I said are we having fun yet. I feel your pain Tiger, but at this point this seems like the only alternative to protect my company. Now I realize a patched system will likely give us more protection, but as I am sure you are aware, patching is not an exact process. We have to test all patches that are released because of the variety of software & systems we run; the cure could be worse than the disease.
Quote:
Originally posted here by Maverick811
Fun is to be had every day in this line of work! :D
Seriously, this is another reason why I inform anyone who asks to NEVER use the 'Click here to remove me' link. Yes, in some cases this is a legitimate way to end spam from certain companies - however, I tend to sneak towards the side of caution, so I never click those - they could end up doing just the opposite, which is what the article alludes to.
Thanks for the heads up, I'm off to block that domain now..
This is also something I pound into the heads of my users, almost on a daily basis, but you know users, some of them, no matter how hard you hit them, just don't get the message.
:rolleyes:
Re: Re: Re: Click here to become infected
Quote:
Originally posted here by DjM
This is also something I pound into the heads of my users, almost on a daily basis, but you know users, some of them, no matter how hard you hit them, just don't get the message.
LOL, I think that statement can be said by all of us admins here on AO - I know that I've had to deal with some idiots on my network in the past.