I wasn't spreading rumors. I read it on either CNN or a freshmeat link. The windows update site *was* cracked on Saturday. Maybe it was unrelated to the worm, maybe not. I am aware of how the worm works, but I haven't analyzed the code. It is possible that it has a different payload if it infects a M$ server than other servers. It may also be a different variant. I only scanned the article so can't say for certain if they indicated the exact infection. If I remember the worm uses lftp to download a payload, so how is it they could not be related? It is certainly possible to download an activex executable via lftp. regards, Brian > -----Original Message----- > From: Michael Schuermann [mailto:lists@schuermann.us] > Sent: Tuesday, August 12, 2003 4:44 PM > To: kclug@kclug.org > Subject: RE: Billy and his backdoor... > > > ummm, I doubt it, because the worm has nothing to do with > ActiveX.... if > you've looked at how the worm transmits itself, you'd see > that they could > not be related at all. Who knows why such an error message > was received from > WindowsUpdate.com on Saturday, but it wouldn't have been this worm. > > Make sure you know your facts before spreading rumors... > > Michael Schuermann > > -----Original Message----- > From: owner-kclug@marauder.illiana.net > [mailto:owner-kclug@marauder.illiana.net] On Behalf Of Brian Densmore > Sent: Tuesday, August 12, 2003 4:10 PM > To: KCLUG (E-mail) > Subject: RE: Billy and his backdoor... > > > Also, for those that didn't catch it. Someone one this list > or kulua pointed > out a unsafe activeX message from the update sight on > Saturday. Which according to the news was because the Windows > sight got > infected with the worm which the patch is supposed to fix. > Now how negligent > can these folks at M$ be? They have been spouting for weeks > that people need > to apply the patch, but they didn't even apply the patch to the server > serving up the patch!?!??!?!?!?!??!? Now that's ***LAME***. roflmao > > Brian > > > > > majordomo@kclug.org > > > > > majordomo@kclug.org >