[LINK] RFI: Spambot Architecture
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Aug 23 15:32:24 AEST 2007
I've always assumed that malware designed to despatch spam from
zombie'd devices scattered around the world would generate the
messages itself, and would not rely in any way on the device's own
email-client.

My rationale was that:

(a) a bot is general-purpose, and would need the capability to
inveigle its way into whatever email-client its host was running.
That would be a pretty challenging piece of design and programming.
(Or does Outlook have such a big market-share and/or sufficient
consistency among versions that an Outlook-only bot would do?)

(b) if it used the local email-client, copies of the outgoing mail
would go into the client's out-tray (or wherever any filters
might move it to). But to improve its survival chances, a bot
should avoid disclosing its existence.

OTOH, a couple of people have claimed to me that they've had email in
their Outbox that they hadn't created.

Is anyone aware of credible claims of such things?

Is there any other circumstance that can result in
not-manually-generated email turning up in the out-tray of an
email-client?

Is it feasible for incoming mail to accidentally trigger filters that
will place the incoming message in the Outbox? And, if so, can that
be, and has that been, exploited?

--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW