[LINK] RFI: Spambot Architecture
Stilgherrian
stil at stilgherrian.com
Thu Aug 23 15:55:10 AEST 2007

Working on the principle that a quick answer that may be slightly wrong is
"close enough"...

On 23/8/07 3:32 PM, "Roger Clarke" <Roger.Clarke at xamax.com.au> wrote:

> I've always assumed that malware designed to despatch spam from
> zombie'd devices scattered around the world would generate the
> messages itself, and would not rely in any way on the device's own
> email-client.

Windows has MAPI (mail application programmers interface) built in, and
Outlook Express and Internet Explorer (as well as Outlook, I understand) all
use that library to send email. You can pretty much rely on its existence.
So any bot can therefore just issue MAPI calls to send email.

(Similarly, on a hacked *nix box, you can assume that you have the core
"mail" system call. And if it's a web server you can assume that you have,
say, PHP available to send email -- particularly if you have just hacked in
using a flaw in, say, WordPress which is written in PHP. I know this
first-hand, and have a copy of the bot that was installed on file for anyone
who's interested.)

I presume (note word!) that any email sent using MAPI will end up in the
Outlook Express outbox.

HTH,

Stil

--
Stilgherrian http://stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 9516 5630
ABN 25 231 641 421