> Well, that was what I was referring to, that it would harvest > addresses from Outlook/OE, and then send them. If the virus is > hardcoded to look in a place that does not exist, it won't be > able to find anything.
It uses the WAB in addition to scanning the cache and various other files for addresses, according to the analysis I read. > All I did was > save the open reply to the desktop and edit it with a text > editor, and when I was done, hit 'Send'. You can't do that through the 'send mail' API though; the virus would have to open the message window, feed messages into its message pump to simulate the user doing the save, editing that file as appropriate, and doing the send. Far easier just to talk SMTP. Regards, Ben A L Jemmett. (http://web.ukonline.co.uk/ben.jemmett/, http://www.deltasoft.com/) To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with unsubscribe SURVPC in the body of the message. Also, trim this footer from any quoted replies. More info can be found at; http://www.softcon.com/archives/SURVPC.html
