Re: Email From: Microsoft <>

From: Bill Sanderson (
Date: 09/26/03

Date: Fri, 26 Sep 2003 12:35:39 -0400

Or perhaps, someone like the blaster.a kid who got arrested. Someone who
simply takes the original makes a minor (M$) variation to it and passes it

I'm not convinced--I don't know the internals of the virus itself at all
well--just from descriptions.

Microsoft is aggressively filtering the newsservers, so the few we are
seeing are sort of the tip of the iceberg--many more are being filtered.

"Johannes H Andersen" <> wrote in message
> Bill Sanderson wrote:
> >
> > The posts to the newsgroups are also made by the virus itself.
> No, it's posted by the originator. If it was posted 'by itself' you
> would see multiple irregular postings just as the spam. Instead, you
> get carefully designed thread titles such as 'Try on this security
> update from M$' as well as cross posting. I believe the originator is
> following every step of the progress and diving in now and then.