[...]
Is this a suggestion that one can make use of a worm/virus to install a micro SMTP server on a Windows machine, or activate IIS's SMTP system?
Absolutely. SoBig, Jeem, and other Windows worms have included open SOCKS or bare TCP proxies and open SMTP relays (often on oddball ports) and many (including Swen) install their own mailing engine. Many Windows worms have done that trick, going back to Melissa. There has been some analysis done of Jeem that indicates that it is designed to build zombie armies subject to outside control for doing just about anything, including spamming.
The latest spamming worm I'm seeing most spam from looks like just a mailing engine with more than the traditional cluefulness on forging Received headers. It HELO's with the right rDNS name and has a faked Received header that looks plausible except for often using addresses as prior hops that are not actually in use on the Internet (i.e. IANA reserved ranges in classical A space and MILNet ranges that have no Internet connectivity).
-- Bill Cole [EMAIL PROTECTED]
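
The forged-hop pattern described in the message above can be checked mechanically on the receiving side. The following is an added example, not part of the original post: `suspicious_hops`, `trusted_hops` and `UNUSED_NETS` are hypothetical names, the range list is an assumed stand-in for a site-maintained list of unrouted space, and the sample message is constructed.

```python
import email
import ipaddress
import re

# Assumption: a site-maintained list of ranges with no Internet routing.
# 240.0.0.0/4 (IANA "reserved for future use") stands in for that list here.
UNUSED_NETS = [ipaddress.ip_network("240.0.0.0/4")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def suspicious_hops(raw_message, trusted_hops=1, unused_nets=UNUSED_NETS):
    """Return (header_index, address, reason) for sender-supplied Received hops.

    Received headers are prepended, so index 0 is the newest. The first
    `trusted_hops` headers were written by our own servers and are skipped;
    every header below them came from the sender and may be forged.
    """
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    findings = []
    for idx, header in enumerate(received[trusted_hops:], start=trusted_hops):
        for text in BRACKETED_IP.findall(header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                # Octet out of range: no real MTA would have logged this.
                findings.append((idx, text, "malformed"))
                continue
            if any(addr in net for net in unused_nets):
                findings.append((idx, text, "unused-range"))
    return findings

# Constructed sample: hop 0 is written by our own MX, hops 1 and 2 are forged.
SAMPLE = (
    "Received: from host.example.net (host.example.net [198.51.100.25])\n"
    "\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from relay.example.com (relay.example.com [240.17.3.9])\n"
    "\tby host.example.net with SMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Received: from gw.example.com ([10.300.1.2])\n"
    "\tby relay.example.com with SMTP; Mon, 1 Jan 2024 09:59:58 +0000\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for finding in suspicious_hops(SAMPLE):
        print(finding)
```

Private (RFC 1918) addresses are deliberately not flagged, since internal hops legitimately carry them; only ranges the site lists as unused are treated as a forgery signal.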
