Re: Email From: Microsoft <firstname.lastname@example.org>
From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: Fri, 26 Sep 2003 12:35:39 -0400
Or perhaps, someone like the blaster.a kid who got arrested. Someone who
simply takes the original makes a minor (M$) variation to it and passes it
I'm not convinced--I don't know the internals of the virus itself at all
well--just from descriptions.
Microsoft is aggressively filtering the newsservers, so the few we are
seeing are sort of the tip of the iceberg--many more are being filtered.
"Johannes H Andersen" <email@example.com> wrote in message
> Bill Sanderson wrote:
> > The posts to the newsgroups are also made by the virus itself.
> No, it's posted by the originator. If it was posted 'by itself' you
> would see multiple irregular postings just as the spam. Instead, you
> get carefully designed thread titles such as 'Try on this security
> update from M$' as well as cross posting. I believe the originator is
> following every step of the progress and diving in now and then.