Re: Email From: Microsoft <security@microsoft.com>

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/26/03


Date: Fri, 26 Sep 2003 12:35:39 -0400


Or perhaps, someone like the blaster.a kid who got arrested. Someone who
simply takes the original makes a minor (M$) variation to it and passes it
on.

I'm not convinced--I don't know the internals of the virus itself at all
well--just from descriptions.

Microsoft is aggressively filtering the newsservers, so the few we are
seeing are sort of the tip of the iceberg--many more are being filtered.

"Johannes H Andersen" <johs@sizefitter.com> wrote in message
news:3F7357E6.9C3776BF@sizefitter.com...
>
>
> Bill Sanderson wrote:
> >
> > The posts to the newsgroups are also made by the virus itself.
>
> No, it's posted by the originator. If it was posted 'by itself' you
> would see multiple irregular postings just as the spam. Instead, you
> get carefully designed thread titles such as 'Try on this security
> update from M$' as well as cross posting. I believe the originator is
> following every step of the progress and diving in now and then.