Open proxies, as these remotely controlled computers are called, allow spammers anywhere in the world to "bounce" or route e-mail through the servers of other organisations, thereby disguising the real origin of the e-mail.
MessageLabs says that it has recently blocked several e-mails with a 'click here to remove' link that actually links to a web page containing malicious software. When the user scrolls down the page he unwittingly instructs his computer to download a file that turns his machine into an open proxy or zombie PC.
Once installed, the malware also allows spammers to upload further programs, which may seek to find confidential information contained on the computer.
"Users should already know that it is never a good idea to press the 'click here to remove' link on spam e-mails as it confirms to spammers that the e-mail address is real," warned Alex Shipp, MessageLabs' Senior Anti-Virus Technologist.
"This latest spam attack, however, presents a double whammy: it not only opens up the floodgates to endless amounts of spam as the address is sold to other spammers, but it allows a compromised machine to be used to host their next spam run while spammers are busy in the background stealing confidential data," he added.
The scam is just one of a variety of e-mail frauds that are hitting the headlines at the moment.
According to the BBC, a fraudulent e-mail is currently doing the rounds in the US, encouraging people to phone a premium rate number in order to support either of the Presidential candidates. The Register also reports on the latest eBay scam, an attempt to get payments for non-existent goods.
Meanwhile, in the UK, the growth of phishing – where e-mails appearing to come from legitimate businesses are sent in an effort to fish for recipients' financial details – persuaded the Association for Payment Clearing Services (APACS) to launch a one-stop advice web site for consumers, particularly those with on-line banking accounts, called banksafeonline.org.uk.
Technical solutions are also in demand as financial institutions battle against the phishing problem. FraudAction, a product from Cyota, was recently deployed by Barclays Bank and Barclaycard. It offers the real-time detection of phishing attacks, the shutting down of fraudulent sites as well as the conducting of forensic work on behalf of the bank, together with counter-measures that can help to catch the fraudsters.
Cyota will be speaking at OUT-LAW's forthcoming conference on phishing, to be held in Edinburgh in November (details below).