On Mon, 2 Apr 2007, Duncan Hill wrote:

> A good number of them seem to be coming from proper relays too -
> at least one had SMTP AUTH header information. That, actually, is
> slightly scary, because if it wasn't faked, it implies that the
> malware spreading this spam is picking up more than e-mail
> addresses.

...not necessarily. The 'bot might be dumping the messages in LookOut's
outbox and letting it deliver the message along with the user's
legitimate traffic via their authenticated channel.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 USMC Rules of Gunfighting #12: Have a plan.
 USMC Rules of Gunfighting #13: Have a back-up plan, because the
 first one won't work.
-----------------------------------------------------------------------
 11 days until Thomas Jefferson's 264th Birthday