Thanks for the detailed response Laird. I was well aware that once
malware
is installed on a computer, the computer is "owned" by the author of
that
malware. I'm simply curious about the actual state of implementation
that
spamware has achieved.
I don't think spamware has gone as far as emulating physical user
input. It hasn't needed to so far, not by a long way. Instead, it
will simply harvest various databases on the machine (Outlook's address
book, for example), then start opening sockets and spewing SMTP.
The content and immediate destination(s) of the messages spewed in this
manner is pretty much irrelevant, although the engine appears to be
able to do various kinds of replacements and mangling on the message to
get it past content filters. I imagine a lot of the content production
work is still done offline, before a spam run.
The above is just an educated guess, however. I don't actually have
any of this software to hand for examination, nor do I think I want to.
I'd much rather work on the solution than the problem.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg