On Fri, Dec 07, 2001 at 02:09:31PM +0000, Will Morton wrote:
I always thought that the best strategy would be to look through all mail folders, find the last email received from the target, and use the subject from that, adding 'Re: ' at the start. Delete the body of the mail and replace it with one of several variations along the lines of 'I thought this might be helpful: <Insert macro-trojaned .doc> Just click 'OK' when the dialog box pops up.'
That would get most PHBs I know...
One of the recent worms did exactly this. I can't remember which one, but it also set the From_ line to _victim@host.com, i.e. it added a leading '_' character. I'm still getting them (but on Linux they don't do anything). This is the same worm that installed a keyboard sniffer. The log was emailed to an account somewhere and of course that account was quickly shut down. The worm author should have encrypted the logs and posted them to alt.anonymous.messages or some other newsfroup instead. That would have been truly dangerous, especially if the worm was stealthy.
I'm not a VB programmer, but I assume that sort of functionality is available from the Outlook COM object (or ActiveX object, or .NET Web Service, or whatever the hell it's called now :>)
It's properly called the Email Worm Author's Toolkit.

Eric