by welder 3338 days ago
> Each box has a 50 email limit (FIFO) which was immediately overwhelmed.

That makes me think the malicious author didn't expect this to spread as wide as it did.

2 comments

It's my guess that Mailinator is extremely irrelevant to their plan.

They planned to propagate via BCC but they needed a "To:" address - preferably one that didn't bounce.

So they hit the "h" key awhile, then added @mailinator.com

Would it have made a difference if they made the "To:" a non-existent address? Would a bounce also prevent delivery to BCC recipients?

Technically, they have to defeat greylisting and server validity checks anyway to get mails accepted to most modern mail servers.

Why didn't they just send the email to the recipient? What does the BCC add in this context?

BCC recipients can't see (or contact) each other to mitigate the spread. If you look at the source code, it BCCs 99 contacts from the infected account per message.

This is probably some kid. cutpastemonkey the code from here:

http://stackoverflow.com/questions/37321100/how-to-login-wit...

Probably sat in his bedroom right now waiting for the feds going 'wow that escalated quickly'.