ietf-asrg

Re: [Asrg] Spammer proxies using legitimate mail relays

2005-02-15 21:36:34
Thanks for the detailed response, Laird.  I was well aware that once
malware is installed on a computer, the computer is "owned" by the
author of that malware.  I'm simply curious about the actual state of
implementation that spamware has achieved.

I don't think spamware has gone as far as emulating physical user input. It hasn't needed to so far, not by a long way. Instead, it will simply harvest various databases on the machine (Outlook's address book, for example), then start opening sockets and spewing SMTP.

Not according to the theme of that Spamhaus article. Spamware now sends email via the user's legitimate SMTP relay, which may even have a legitimate SPF and/or SenderID record.

I'm aware of that.

I'm simply curious if Spamware has the ability
to steal user passwords "yet" which is somewhat trivial to a good
programmer.

I don't know the answer to that. What I can easily guess is that if it becomes useful/necessary in order to continue operation, the spammers will add that feature post-haste.

The content and immediate destination(s) of the messages spewed in this manner is pretty much irrelevant, although the engine appears to be able to do various kinds of replacements and mangling on the message to get it past content filters. I imagine a lot of the content production work is still done offline, before a spam run.

The above is just an educated guess, however. I don't actually have any of this software to hand for examination, nor do I think I want to. I'd much rather work on the solution than the problem.

Ah, but a solution provider must first fully understand the nature of the threat in order to counter that threat. Developing a solution based on a theory is a waste of time if it can't meet real world threats.

I didn't say I wasn't interested in information. I'm just not interested in ferreting around in the bowels of malware for that information, and would rather let others find it and post it somewhere useful, like ASRG.

Now, drawing from the information above, we know that spamware doesn't yet implement every possible tool that we believe spammers *could* use... but we also know that they adapt pretty darn quickly when they see that a new feature becomes necessary to their operation. If we're honest with ourselves, that basic truth has been evident for some time.

So, we need to devise a scheme which they *can't* adapt to. That's what I'm working on.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.
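The point raised in the thread about spamware relaying through the user's legitimate SMTP server is worth seeing in code: SPF authorizes the IP address that connects to the recipient's MTA, not the machine that composed the message, so a zombie that hands its spam to the ISP's smarthost passes SPF exactly as the user's own mail would. The following is an added example, not code from this thread or from any participant; it is a minimal SPF evaluator (ip4, a, mx, include, all) run over a constructed, in-memory DNS table. The domain names and IP addresses (example-isp.net, victim-sender.example, 203.0.113.x, 198.51.100.x) are hypothetical.

```python
"""Minimal SPF evaluator over a constructed DNS table (added example).

Shows why a zombie relaying through its ISP's legitimate outbound SMTP
server passes the recipient's SPF check, while the same message sent
direct-to-MX from the zombie's own IP fails. All DNS data is constructed.
"""
import ipaddress

# Constructed zone data. Assumption: a hypothetical ISP whose SPF record
# authorises its MX hosts and one /24 of outbound relays.
DNS = {
    "example-isp.net": {
        "TXT": ["v=spf1 mx ip4:203.0.113.0/24 -all"],
        "MX": ["smtp-out.example-isp.net"],
    },
    "smtp-out.example-isp.net": {"A": ["203.0.113.25"]},
    # The infected user's own domain delegates to the ISP via include:.
    "victim-sender.example": {
        "TXT": ["v=spf1 include:example-isp.net -all"],
    },
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed table."""
    return DNS.get(name, {}).get(rtype, [])


def host_matches(client, name):
    """True if any A record of `name` equals the connecting IP."""
    return any(ipaddress.ip_address(a) == client for a in lookup(name, "A"))


def check_host(ip, domain, depth=0):
    """Evaluate `domain`'s SPF policy for connecting address `ip`.

    Returns one of pass, fail, softfail, neutral, none, permerror.
    Supports the ip4, a, mx, include and all mechanisms; anything else
    (ip6, exists, ptr, redirect=/exp= modifiers) yields permerror.
    """
    if depth > 10:
        return "permerror"  # recursion limit on nested include:
    records = [r for r in lookup(domain, "TXT")
               if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    client = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = client in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = host_matches(client, arg or domain)
        elif mech == "mx":
            matched = any(host_matches(client, mx)
                          for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no explicit all


def relay_vs_direct():
    """Same envelope sender, two delivery paths (constructed scenario)."""
    envelope_from_domain = "victim-sender.example"
    # Zombie submits to the ISP smarthost; the recipient's MTA sees the
    # smarthost's IP on the connection, so SPF passes.
    via_relay = check_host("203.0.113.25", envelope_from_domain)
    # Zombie opens its own socket to the recipient's MX from a dynamic IP
    # that the sender's policy does not authorise, so SPF fails.
    direct = check_host("198.51.100.77", envelope_from_domain)
    return {"via_isp_relay": via_relay, "direct_to_mx": direct}


if __name__ == "__main__":
    for path, result in relay_vs_direct().items():
        print(f"{path:15s} -> {result}")
```

Running it prints pass for the relayed path and fail for the direct-to-MX path. The consequence for the discussion above is that SPF (and SenderID, which evaluates the same kind of record) answers only "is this IP allowed to send for this domain?"; once the spam engine uses the victim's configured smarthost, that answer is legitimately yes, and a defence has to look elsewhere, for example at per-account sending volume on the relay itself.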


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg