On Tue, 2004-04-13 at 20:31, David wrote:
>> No way to
>> avoid that unless the ISP requires SMTP AUTH (which is rare),
> Rare? Well, here in Spain what is rare is that any ISP does not use
> SMTP AUTH.
>> and even then,
>> a clever hacker could probably obtain the hacked person's login info
>> somehow...
> I think it's not possible for a virus to get the username/password
> from the hacked computer.

I'd have to disagree here.

I'm on the DSBL admin mailing list (trying to help out people having
trouble de-listing their servers from the DSBL.org open relay/proxy
listing system) and I can tell you that SMTP AUTH abuse is already in
widespread use by spammers. The most common technique is just to
brute-force guess passwords, as described at:
http://www.spamhaus.org/rokso/search.lasso?evidencefile=2669

There's also been at least one case where a Yahoo! user had an open
relay that itself was configured to use SMTP AUTH as a client to
Yahoo!'s outgoing mail server, resulting in the listing of Yahoo!'s
server as a multihop open relay:
http://dsbl.org/message?13954231

As for a virus not being able to get SMTP AUTH passwords, you must be
forgetting about the very widespread virus "Swen", which popped up a
window and got the victim to type in their password for their POP
account. See:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

This technique could easily be used to grab SMTP AUTH passwords too.

Cheers, Paul.
--
Paul Howarth <paul(_at_)city-fan(_dot_)org>
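
An added example, not part of the original message: one way a mail administrator could spot the SMTP AUTH password guessing described above, by counting failed logins per client address in a sliding window and reporting any login that succeeds from an address already flagged. The log lines are constructed samples in the style of Postfix smtpd logging; the function name `analyse`, the threshold, the window and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (Postfix smtpd style is an assumption; documentation-range IPs).
SAMPLE_LOG = """\
Apr 13 20:30:01 mx postfix/smtpd[811]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 13 20:30:02 mx postfix/smtpd[811]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 13 20:30:04 mx postfix/smtpd[811]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 13 20:30:05 mx postfix/smtpd[811]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 13 20:30:07 mx postfix/smtpd[811]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 13 20:30:09 mx postfix/smtpd[811]: 4A1B2C3D4E: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice
Apr 13 20:31:00 mx postfix/smtpd[812]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Apr 13 20:31:20 mx postfix/smtpd[812]: 5B2C3D4E5F: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) .*?"
IPV4 = r"\[(\d+\.\d+\.\d+\.\d+)\]"
FAIL_RE = re.compile(STAMP + IPV4 + r": SASL [\w-]+ authentication failed")
OK_RE = re.compile(STAMP + r"client=\S*?" + IPV4 + r", sasl_method=[\w-]+, sasl_username=(\S+)")


def analyse(log_text, threshold=5, window=timedelta(minutes=1), year=2004):
    """Return (sorted IPs with >= threshold failures inside window,
    [(ip, username)] for logins that succeeded after that IP was flagged)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    guessing = set()             # an IP stays flagged for the rest of the log
    compromised = []
    for line in log_text.splitlines():
        fail, ok = FAIL_RE.match(line), OK_RE.match(line)
        m = fail or ok
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        while q and when - q[0] > window:
            q.popleft()          # drop failures older than the window
        if fail:
            q.append(when)
            if len(q) >= threshold:
                guessing.add(ip)
        elif ip in guessing:
            # A success after a burst of failures suggests a guessed password.
            compromised.append((ip, ok.group(3)))
    return sorted(guessing), compromised


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The single failed attempt followed by a success from 198.51.100.7 is not reported at the default threshold, which is the ordinary mistyped-password case.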