And in case it's not clear, I'm suggesting that it may be useful for them to deliberately create a "fake" virus that is easily detectable, and so cull the bounce messages.
Right, why should they do something passive that doesn't tip their hand and allows them to collect the information they need, when instead they can do something active and stupid that could possibly give away their position.
Think about it. In fact, apply Occam's Razor to this, in fine, thin slices:
If you were a TLA and you'd want to send a "fake" virus, it would need to be something that would trip every anti-virus software that anyone could possibly run, but yet, not be a virus, and you'd need to do so without giving away your IP address - while making it look like it came from lots of sources. If you'd only use a single IP address, the guy that runs the node would likely block you as a virus source.
Then, on top of it, you'd have to *HOPE* that none of your targets saw the real version of the virus, and then bothered to compare the two, or worse yet, dissect the decoy you've sent, and figure out that it isn't real.
How's would you do this and have it be successful? Unless, of course, you wish to claim that the TLA's wrote the anti-SCO viruses? In which case, there's a lovely bridge between Brooklyn and Manhattan that I would gladly sell you... Real cheap... it's a bit old, but it's in decent shape... No? How about some nice foil hats? Real cheap... For you, only $100 each (plus tax of course)... guaranteed to be made of 100% aluminum foil.
Or would you instead, simply just stick a Carnivore machine at one hop above each CDR node that you're interested in, and gather the information you wanted with nearly zero risk of tipping your hand? Or even simpler than that, get a hotmail or yahoomail account and just subscribe. Which of the above scenarios makes the most sense in terms of Occam's?
P.S.: I stand by my original statement: the collective IQ of the posters on list is dropping.
