On Thu 31 Jul 2014 at 17:37:21 +0100, Joe wrote:

> On Thu, 31 Jul 2014 15:37:31 +0100
> Brian <a...@cityscape.co.uk> wrote:
>
> > What I do not understand is what prevents the malware (assuming it can
> > significantly control the machine) from using the same authentication to
> > send spam as before. Isn't this back to square 1?
>
> I would assume it can, if it operates your email client under your
> credentials. But this may well leave traces, when you find sent mail
> that you definitely know you didn't send, or alien names added to your
> address book, that the malware has failed to erase properly. It is

If a user notices these traces, all well and good; he can do something
about it. If he doesn't notice, his machine will continue to churn out
spam, irrespective of what port is being used.

> probably difficult for malware to pick security stuff out of the
> Registry without making a valid logon. Microsoft may be rubbish at
> general security, but these days it has to meet fairly strict standards
> for email confidentiality if it wants corporate US clients,
> particularly medical and legal ones. The preference is for malware to
> use a primitive SMTP engine which is entirely separate from the
> compromised system's email.

I didn't know that. I don't envisage such an engine on my system but if
it could read /etc/exim4/passwd.client (a plaintext file) it's in
business.

> Also, probably more important, your mail hosting company may well spot
> the spam going through their own mail server, whereas they are probably
> less likely to spot outgoing spam just passing through their routers,
> along with hundreds of torrent feeds... I'm sure the ISPs will be
> required to monitor and analyse all traffic in and out of their
> customers' systems one day, but I doubt that they're looking forward to
> it.

I can well understand any decent ISP monitoring port 25 traffic through
its network. Those who block port 25 may eventually come up with before
and after statistics but somehow I doubt it; commercial confidentiality
and all that.