On 10/13/2015 02:02 AM, Stuart Longland wrote:
On 13/10/15 18:22, to...@tuxteam.de wrote:
On Tue, Oct 13, 2015 at 01:54:53AM -0700, Jimmy Johnson wrote:
[...]
It's a popular client to spoof too.
I'm just saying that there is a possible bot running and the chances
are it's running in a windows environment, maybe even in a v-box,
just a thought.
If I were the bot programmer, this would be the first thing I'd try to spoof.
Depending on the bot programmer, they probably send an email to
themselves using Outlook Express then view the message source and paste
that into their code.
Stuart actually the owned computer sends the emails, it's all done in
the background, the box needs to be scanned with a bootable cd so the
virus can't write back to it. This is the one I used to use before I
retired https://www.f-secure.com/en/web/labs_global/rescue-cd
--
Jimmy Johnson
Debian Sid - KDE Plasma 5.4.1 - AMD64 - EXT4 at sda15
Registered Linux User #380263
