Re: We'll see... - dslreports.com

Author	All Replies
graysonf Premium,MVM join:1999-07-16 Fort Lauderdale, FL	reply to ChrisDAT Re: We'll see... In order to have valid credentials that are going to be checked, you have to: Have a registered domain, Be in control of that domain, Have a DNS server that is authoritative for the domain, Have a mail server with the correct MX record and credentials in DNS, and Be in control of that DNS server in order to place the credentials into it. I don't see how a virus compromised machine is going to be able to come up with all of that.
	to forum · permalink · · 2004-01-22 17:34:55 ·
ChrisDAT Google Keyword Compsysnyc join:2002-02-26 Hollis, NY	Virus compromised and Hijacked machines can run an application that will have access to the PCs registry and applications in the same way the PC owner's mail application does, many of the hijacks actually use the same mail application using the user's configured authentication data to send mail to the same SMTP server [their ISP] that the user would use in sending an e-mail to mom. Execute Arbitrary Code -- means the bad app. can do anything at all that the unfortunate user can do on their PC while posing as them. What should get your attention is that in addition, the bad app. also has access to all of the information on the PC's hard disk[s] AND all of the attached network [LAN and Internet] resources that the PC has access to. It's no joke. The worst part is that these critters can infect and thus compromise your PC via your internet connection as a worm -- no e-mail involved here.
	to forum · permalink · · 2004-01-22 17:56:13 ·
JimF join:2003-06-15 Allentown, PA	reply to graysonf Don't they mean a virus (i.e., backdoor) compromised client machine, not a virus compromised SMTP server? The spam would then be like any legitimate email from that client machine insofar as SPF was concerned, but at least it would be traceable to that client.
JimF join:2003-06-15 Allentown, PA	to forum · permalink · · 2004-01-22 18:10:04 ·
graysonf Premium,MVM join:1999-07-16 Fort Lauderdale, FL	reply to ChrisDAT Well, I think if you look at the vast majority of the recent virii out there today, they don't work the way you say. They have their own bundled in SMTP engines, and send mail directly to the victim's mail server. The reason they do that is to avoid having ISPs notice huge loads of outgoing mail pouring off their SMTP servers. The ISP won't know anything about the problem until complaints about the direct SMTP abuse arrive. This is also why many ISPs now block all outgoing connections to port 25 except to their own SMTP servers. Doing that prevents direct SMTP abuse altogether. But, as you suggest, there is nothing to prevent a virus from looking into a mail client application to determine how it is configured to send mail (out thru the ISP's SMTP server) and just use it, unless SMTP auth is used with a hashed password. But that will be more noticeable by the ISP and doesn't rely on complaints coming back to be detected and halted.
	to forum · permalink · · 2004-01-22 18:12:33 ·


Thursday, 26-Nov 21:19:00	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF