Hi !!
> I'm on the DSBL admin mailing list (trying to help out people having
> trouble de-listing their servers from the DSBL.org open relay/proxy
> listing system) and I can tell you that SMTP AUTH abuse is already in
> widespread use by spammers. The most common technique is just to
> brute-force guess passwords, as described at:
> http://www.spamhaus.org/rokso/search.lasso?evidencefile=2669
Just out of curiosity, how did they know spammers were really using
SMTP AUTH? It looks like the spammers have found a vulnerability in
MS Exchange that allows relaying even when SMTP AUTH has failed,
but nothing indicates that they have really found a working
username/password by inspecting the user's computer. On the other hand,
brute-force dictionary attacks have little chance of success in
real life and are easily detectable.
> As for a virus not being able to get SMTP AUTH passwords, you must be
> forgetting about the very widespread virus "Swen", which popped up a
> window and got the victim to type in their password for their POP
> account. See:
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
True, but as far as I know this is the only effective way to get the
username/password from the user.
--
Best regards ...
If little else, the brain is an educational toy.
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
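
The reply above calls dictionary attacks against SMTP AUTH easily detectable. As an added example, not part of the original message, here is one way a mail admin might flag them: a sliding-window count of failed AUTH attempts per source address, plus a check for a login that succeeds after such a burst. The Postfix-style log format, the constructed sample lines, and the `scan` function with its thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix smtpd syslog style (format is an assumption;
# the thread names no log format). Addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:01 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:03 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:04 mx postfix/smtpd[812]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jan 12 03:14:06 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:09 mx postfix/smtpd[811]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:12 mx postfix/smtpd[813]: 4F2A1C0: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info
Jan 12 09:30:00 mx postfix/smtpd[814]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jan 12 09:31:10 mx postfix/smtpd[815]: 7B3D9E2: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
FAILED = re.compile(STAMP + r".*\[([\d.]+)\]: SASL \w+ authentication failed")
AUTHED = re.compile(STAMP + r".*client=\S*\[([\d.]+)\], sasl_method=\w+, sasl_username=(\S+)")

def scan(log, threshold=4, window=timedelta(minutes=5), year=2004):
    """Return (guessing_ips, hits): sources with >= threshold failed AUTHs inside
    the sliding window, and (ip, username) logins that followed such a burst."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    guessing, hits = set(), []
    for line in log.splitlines():
        failed, authed = FAILED.match(line), AUTHED.match(line)
        m = failed or authed
        if not m:
            continue
        # syslog omits the year; the default here is arbitrary, for the sample
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if failed:
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # expire failures outside the window
                q.popleft()
            if len(q) >= threshold:
                guessing.add(ip)
        elif ip in guessing:
            # a success after a guessing burst: treat the account as compromised
            hits.append((ip, m.group(3)))
    return guessing, hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

On the sample, the lone mistyped password from 198.51.100.7 stays below the threshold, while the burst from 203.0.113.5 is flagged and its later successful login as `info` is reported for a password reset.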