More Confirmation
Authored by: Graff on May 12, '04 11:48:59PM

Sendmail and postfix are mail routing programs, they take an incoming mail and send it somewhere else. You can send mail without using sendmail or postfix. For example, through "do shell script" you could use the mail command or you could use the telnet command - both will work to send out e-mail.

So even though sendmail and postfix might not be activated you don't need them to send e-mail through the command-line. It would indeed be easy to make a self-replicating trojan out of AppleScript. Then again, it's not much easier or harder than using Java, Cocoa, Carbon, Perl, etc...

- Graff



More Confirmation
Authored by: ExecutiveEditor on May 13, '04 07:52:36AM

> Sendmail and postfix are mail routing programs,

Yes.

> they take an incoming mail and send it somewhere else.

Yes, but that's not all they do.

> You can send mail without using sendmail or postfix.

Locally, yes, but not across the internet on a stock OS X installation. Try it; it will fail. If it doesn't, it's because you've enabled sendmail or postfix.

> For example, through "do shell script" you could use the mail command

Not through a stock installation.

> or you could use the telnet command

By telnetting to an outgoing mail server, sure--but that requires knowledge of a compromised mail server at the time the author is writing the script or it requires him to set up such a server--and the latter activity is likely to lead authorities to him.

> So even though sendmail and postfix might not be activated you don't need them to send e-mail through the command-line.

Yes, you do, on a stock OS X installation.

> It would indeed be easy to make a self-replicating trojan out of AppleScript.

Then make a proof-of-concept. Intego will be happy to publicize it. I look forward to seeing the stories... (By the way, it couldn't be "self-replicating." AppleScript requires the user to run it; "self-replicating," in the world of viruses, etc., is confined to programs that can be activated without user intervention--simply by opening an e-mail, visiting a webpage, etc.)

From my email...
Authored by: robg on May 15, '04 12:14:33AM
The following was sent in by an unregistered user; I thought it interesting enough to post. Everything below the hyphens is the user's text, not mine (previous replies noted by single and double bars -- |, ||).

-rob.
-------------------
|| You can send mail without using sendmail or postfix.

| Locally, yes, but not across the internet on a stock OS X installation. Try it; it will fail. If it doesn't, it's because you've enabled sendmail or postfix.

There are many mail agents out there. Most Windows mass mailing worms include their own smtp agent. For a simple mass mailer, they are trivial to write.

|| For example, through "do shell script" you could use the mail command

| Not through a stock installation.

|| or you could use the telnet command

| By telnetting to an outgoing mail server, sure--but that requires knowledge of a compromised mail server at the time the author is writing the script or it requires him to set up such a server--and the latter activity is likely to lead authorities to him.

Actually, all you need is the address of the user's smtp server which can be found in this file:

~/Library/Preferences/com.apple.mail.plist

You'd probably want to use the XML parser to extract smtp server names correctly. Of course, since a worm isn't too concerned with efficiency, trying to nslookup all strings (i.e. those things within tags) would eventually work too.

So what's the answer? Don't run anything from unknown or untrusted sources!
