[Full-Disclosure] AT&T early warning system

Jimmy Alderson jimmy at digitalguardian.net
Wed Oct 22 18:58:03 BST 2003


On Sat, Oct 18, 2003 at 12:27:23PM -0400, Hoho wrote:
> 
> Doesn't it seem like they're trying to violate causality? If the worm
> doesn't exist yet, then its associated traffic doesn't exist yet, hence
> there's nothing to detect. Wonder what those 'anomalies' were. Seems no
> more effective than just watching MS security patches and reading FD.
> -- 

Perhaps they were using memetic trending, which does violate causality,
but works pretty well nonetheless.

-Jimmy

Full-Disclosure is hosted and sponsored by Secunia.