The trojan could always read this data [[address book?]] directly. I don't
think they
can block that.
And that's what they do, although the typical pattern is that they read .wab,
.htm*,
.txt, maybe .doc files, and scan them for e-mail addresses. Interesting, but not
relevant to the main issue of authentication, except that to the extent that
these worms
read these addresses to determine from: addresses for their propagation, they
are even
less likely to spread through SMTP authentication.
Swen. But I don't think it uses data from Outlook or Outlook Express. It
simply pops
up a Window asking the user for his credentials.
A copy of this dialog box may be found at
http://securityresponse.symantec.com/avcenter/graphics/w32(_dot_)swen(_dot_)a(_at_)mm(_dot_)5(_dot_)gif(_dot_)
I have a
hard time believing. I doubt many people remember their SMTP server credentials
offhand,
since they are usually stored by the MUA for automatic use.
But anyway, if that's the best they can come up with I'm still sure that worm
spreading
would be cut dramatically. What they'd really need to do is to find ways to
crack the
SMTP AUTH credentials from the various MUAs that might be on a system.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer(_at_)ziffdavis(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg