[LINK] RFI: Spambot Architecture

Roger Clarke Roger.Clarke at xamax.com.au
Thu Aug 23 15:32:24 AEST 2007


I've always assumed that malware designed to despatch spam from 
zombie'd devices scattered around the world would generate the 
messages itself, and would not rely in any way on the device's own 
email-client.

My rationale was that:

(a)  a bot is general-purpose, and would need the capability to
      inveigle its way into whatever email-client its host was running.
      That would be a pretty challenging piece of design and programming.
      (Or does Outlook have such a big market-share and/or sufficient
      consistency among versions that an Outlook-only bot would do?)

(b)  if it used the local email-client, copies of the outgoing mail
      would go into the client's out-tray (or wherever any filters
      might move it to).  But to improve its survival chances, a bot
      should avoid disclosing its existence.

OTOH, a couple of people have claimed to me that they've had email in 
their Outbox that they hadn't created.

Is anyone aware of credible claims of such things?

Is there any other circumstance that can result in 
not-manually-generated email turning up in the out-tray of an 
email-client?

Is it feasible for incoming mail to accidentally trigger filters that 
will place the incoming message in the Outbox?  And, if so, can that 
be, and has that been, exploited?

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW


