ChrisDAT
Google Keyword Compsysnyc
join:2002-02-26
Hollis, NY
| reply to graysonf
Re: We'll see...
Virus compromised and Hijacked machines can run an application that will have access to the PCs registry and applications in the same way the PC owner's mail application does, many of the hijacks actually use the same mail application using the user's configured authentication data to send mail to the same SMTP server [their ISP] that the user would use in sending an e-mail to mom.
Execute Arbitrary Code -- means the bad app. can do anything at all that the unfortunate user can do on their PC while posing as them. What should get your attention is that in addition, the bad app. also has access to all of the information on the PC's hard disk[s] AND all of the attached network [LAN and Internet] resources that the PC has access to.
It's no joke. The worst part is that these critters can infect and thus compromise your PC via your internet connection as a worm -- no e-mail involved here. |
graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
| Well, I think if you look at the vast majority of the recent virii out there today, they don't work the way you say.
They have their own bundled in SMTP engines, and send mail directly to the victim's mail server. The reason they do that is to avoid having ISPs notice huge loads of outgoing mail pouring off their SMTP servers. The ISP won't know anything about the problem until complaints about the direct SMTP abuse arrive.
This is also why many ISPs now block all outgoing connections to port 25 except to their own SMTP servers. Doing that prevents direct SMTP abuse altogether.
But, as you suggest, there is nothing to prevent a virus from looking into a mail client application to determine how it is configured to send mail (out thru the ISP's SMTP server) and just use it, unless SMTP auth is used with a hashed password. But that will be more noticeable by the ISP and doesn't rely on complaints coming back to be detected and halted. |
