Re: Email From: Microsoft <security@microsoft.com>

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/26/03


Date: Fri, 26 Sep 2003 12:35:39 -0400


Or perhaps, someone like the blaster.a kid who got arrested. Someone who
simply takes the original makes a minor (M$) variation to it and passes it
on.

I'm not convinced--I don't know the internals of the virus itself at all
well--just from descriptions.

Microsoft is aggressively filtering the newsservers, so the few we are
seeing are sort of the tip of the iceberg--many more are being filtered.

"Johannes H Andersen" <johs@sizefitter.com> wrote in message
news:3F7357E6.9C3776BF@sizefitter.com...
>
>
> Bill Sanderson wrote:
> >
> > The posts to the newsgroups are also made by the virus itself.
>
> No, it's posted by the originator. If it was posted 'by itself' you
> would see multiple irregular postings just as the spam. Instead, you
> get carefully designed thread titles such as 'Try on this security
> update from M$' as well as cross posting. I believe the originator is
> following every step of the progress and diving in now and then.



Relevant Pages

  • Re: OL 2003
    ... Check to see if you have included a portion of the email address or the ... the (insert latest virus name here) virus, all mail sent to my personal ... | placing emails in the Junk Mail box when the email ... | originator is on the safe senders list? ...
    (microsoft.public.outlook)
  • Report to Sender
    ... Incident Information:- ... Originator: freebsd-isp@xxxxxxxxxxx ... The file attachment readme_jkoopman.zip you sent to the recipients listed ... above was infected with the W32/Netsky.p@MM!zip virus and was successfully ...
    (freebsd-isp)
  • [SLE] Rejecting backscatter mail in postfix
    ... I'm receiving certain backscatter mail (ie, mail sent by postmasters, ... consisting of rejecting a mail with possible virus to the claimed ... originator, which in the case of virus, can be faked, and thus are ...
    (SuSE)
  • Re: Email From: Microsoft <security@microsoft.com>
    ... > The posts to the newsgroups are also made by the virus itself. ... it's posted by the originator. ... would see multiple irregular postings just as the spam. ...
    (microsoft.public.security.virus)