ietf-asrg

Re: [Asrg] Sendmail CEO Backs Yahoo DK and MS CID

2004-03-01 13:41:27
On 2004-03-01 06:12:09 -0500, Larry Seltzer wrote:
No when I say trojaned machine I mean someone places a trojan on my machine
and then sends email on my account

None of these trojans work that way, at least not since Melissa or sometime
about then. They all use built-in SMTP code to send mail on behalf of the
user. The reason is that Microsoft closed this hole in Outlook and Outlook
Express several years ago, and any version of either (since Outlook 98)
that's been patched since about 2000 or 2001 blocks external programmatic
access and access to the address book without explicit end-user approval.

The trojan could always read this data directly. I don't think they can
block that.

If you'll read the analyses of how these things work you'll see that they
don't use the MUA, they *are* an MUA. 

They are also the MTA.

If you know of a trojan that does what you claim please give me a
specific example, or tell me how it would work.

Swen. But I don't think it uses data from Outlook or Outlook Express. It
simply pops up a Window asking the user for his credentials. 

But they don't bother with the user's credentials because
they don't have to.

They don't have to, currently. But if LMAP, MTA-Mark or blocking of port
25 becomes widespread, they will have to. 

        hp

-- 
   _  | Peter J. Holzer    | I think we need two definitions:
|_|_) | Sysadmin WSR       | 1) The problem the *users* want us to solve
| |   | hjp(_at_)hjp(_dot_)at         | 2) The problem our solution addresses.
__/   | http://www.hjp.at/ |    -- Phillip Hallam-Baker on spam
