I couldn't tell from the article... but are SMTP Servers which REQUIRE password authentication for sending immune from this particular type of spam? Or does the system somehow route the spam through a person's outlook, making use of the saved password for the default mail account?
If you know how the password is stored, you don't even need to launch Outlook to actually connect to the ISP server. The same vulnerability would also work with Thunderbird; you'd just need to know how to extract the saved password from the Mozilla profile.
