An article from The Register that I found on Slashdot today:
Click here to become infected
By John Leyden
Published Wednesday 22nd September 2004 09:15 GMT
Users should be wary of pressing the 'click here to remove' link on spam
messages because it serves to confirm to spammers that junk mail messages
are being read. Such email addresses can be sold at a premium to other
That's reason enough to simply delete spam messages, but a junk mail
message doing the rounds today provides an even more compelling reason.
Selecting the 'click here to remove' link on messages blocked by
MessageLabs today triggers an attempt to load malicious code onto
potentially vulnerable Windows PC.
MessageLabs is blocking spam linking to the domains www. xcelent.biz
(space deliberately inserted) which, if users click on the remove link and
IE bug to download and run an EXE file, currently been analysed by
Alex Shipp of MessageLabs writes: "I have not finished analysing the EXE
currently hosted (currently called windows-update.exe), but the spammers
can change this at any time by uploading a new Trojan. Typically, your
machine may be turned into an open proxy, have passwords extracted, and
"So not only do you confirm your email address to the spammers, you also
get to host their next spam run, and get your bank account cleaned out,"
The US's CAN-SPAM Act requires junk mailers to put an opt-out link on
their wares. It comes as little surprise that this feature is been taken
advantage of in a social engineering exploit; but it does illustrate the
security problems of the opt-out approach that were always apparent to
security experts - and ignored by legislators.