> It uses the WAB in addition to scanning the cache and various other files
> for addresses, according to the analysis I read.

That's funny... are you sure?? Where did you read that? I just double checked, and Norton specifically states Outlook, but doesn't mention any cache scanning on Gibe. I don't remember Trend Micro, McAfee, Kaspersky or SANS mentioning it either, but I could be mis-remembering.

> You can't do that through the 'send mail' API though; the virus would have
> to open the message window, feed messages into its message pump to simulate
> the user doing the save, editing that file as appropriate, and doing the
> send. Far easier just to talk SMTP.

I'm not sure about this, but I will definitely be finding out pretty soon, as I am writing a small utility in C to open emails (spam in this case) loaded into a specific directory, and then to parse the entire message, header and all, returning email addresses, DNS's and mnemonic domain names (URLs), along with doing some basic comparison tests, like Date-Time stamps, and continuity between the routing fields in the header, for anomalies.

The second step in the project will be to write a second process, that goes on-line to the nameserver, and runs WHOIS on the appropriate DNS and domain names, and returns the files on those folks.

The third step in the project will be to prepare and mail the 'Request to Desist -UCE or spam' notices to the appropriate email addresses from the WHOIS files.

Right now I am doing this job manually, and I am pretty sure that most, if not all, of it can be automated with a little (or a lot) of creative coding. I think I can get the computer to do just about anything I can do (except actually think), once I get the algorithm written correctly.

-wittig
http://www.robertwittig.com/

to master others is nothing.
to master yourself is something.

To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with unsubscribe SURVPC in the body of the message. Also, trim this footer from any quoted replies.
More info can be found at; http://www.softcon.com/archives/SURVPC.html
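
The first step described in the message above (pull addresses, URLs and domains out of a spam message, then test the Received chain and the date stamps for anomalies), as an added example that is not part of the original post and is written in Python rather than the C the poster mentions. The function names, the sample message and the continuity rule (each hop's "from" name should equal the previous hop's "by" name) are assumptions made for illustration.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://([\w.-]+)[^\s\"'<>]*", re.I)
HOP_RE = re.compile(r"from\s+([\w.-]+).*?\bby\s+([\w.-]+)", re.I | re.S)

def _when(text):
    try:
        dt = parsedate_to_datetime(text)
    except (TypeError, ValueError):  # header missing or date malformed
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def analyze(raw):
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    addresses = sorted(set(ADDR_RE.findall(headers + "\n" + body)))
    found = list(URL_RE.finditer(body))
    urls = sorted({m.group(0) for m in found})
    domains = sorted({a.split("@")[1].lower() for a in addresses}
                     | {m.group(1).lower() for m in found})
    hops, anomalies = [], []  # Received headers are prepended: hops is newest first
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        frm, by = [g.lower() for g in m.groups()] if m else (None, None)
        hops.append((frm, by, _when(value.rsplit(";", 1)[-1].strip())))
    for (frm, by, t_new), (_, prev_by, t_old) in zip(hops, hops[1:]):
        if frm and prev_by and frm != prev_by:  # heuristic: HELO names may differ
            anomalies.append(f"chain break: {by} received from {frm}, previous hop was {prev_by}")
        if t_new and t_old and t_new < t_old:
            anomalies.append(f"time runs backwards between {prev_by} and {by}")
    sent = _when(msg["Date"])
    if sent and hops and hops[-1][2] and sent > hops[-1][2] + timedelta(minutes=5):
        anomalies.append("Date header is later than the first Received stamp")
    return dict(addresses=addresses, urls=urls, domains=domains, anomalies=anomalies)

# Constructed sample message using documentation-reserved names.
SAMPLE = """\
Received: from mx.example.net by mail.example.org; Tue, 12 Mar 2002 10:05:00 -0500
Received: from relay.example.com by gw.example.net; Tue, 12 Mar 2002 10:20:00 -0500
From: "Offers" <sales@example.com>
Date: Tue, 12 Mar 2002 09:00:00 -0500

Visit http://www.example.com/buy or write to remove@example.com
"""
```

The `domains` list is what a later WHOIS step would consume; a chain break is only a lead to check by hand, since a legitimate relay can announce a name that differs from the one the next server records.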
