No when I say trojaned machine I mean someone places a trojan on my machine
and then
sends email on my account
None of these trojans work that way, at least not since Melissa or sometime
about then.
They all use built-in SMTP code to send mail on behalf of the user. The reason
is that
Microsoft closed this hole in Outlook and Outlook Express several years ago,
and any
version of either (since Outlook 98) that's been patched since about 2000 or
2001 blocks
external programmatic access and access to the address book without explicit
end-user
approval. If you'll read the analyses of how these things work you'll see that
they
don't use the MUA, they *are* an MUA.
If you know of a trojan that does what you claim please give me a specific
example, or
tell me how it would work. But they don't bother with the user's credentials
because
they don't have to.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer(_at_)ziffdavis(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg