Vmyths.com

Hoaxes, myths,
urban legends

Columnists


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

New computer virus spreads Alzheimers

Rob Rosenberger, Vmyths co-founder
Friday, 19 November 1999

WHY DID REPORTERS stop covering BubbleBoy? Email's death knell should have generated far more media coverage. AP, Reuters, CNN, MSNBC, BBC, Newsbytes, ZDNN, and news.com dropped it by 13 Nov.

Did it perhaps get bumped by the recent air catastrophe? I doubt it. EgyptAir 990 plunged more than a week before BubbleBoy surfaced.

It's just as well BubbleBoy went away — antivirus experts have short memories. I remember an "auto-malicious email" proof of concept way back in 1996. One year later, BO2K author "DilDog" demonstrated a sister technique and described how to exploit it as a realistic "email virus." In July of this year, I showed antivirus vendors how to attack networks with an email no one ever receives.

Antivirus experts have short memories. This event proves it.

Experts conveniently forgot this when the media clamored for interviews. Look who claimed BubbleBoy changes the way we perceive email security:

  1. " 'Historically, as long as you don't open e-mail attachments you're safe from virus infection, but this changes all that,' said [Network Associates VP Sal] Viveros. 'We've finally come to the point where if you're using e-mail, specifically Microsoft Outlook, you need to have some sort of virus protection or you shouldn't read e-mail.' "
  2. "Antivirus experts have long said that the only way to get infected through e-mail is to double-click on an infected file. That changed with BubbleBoy. The name, says Dan Schrader of antivirus company Trend Micro, 'is strangely appropriate because the virus writer is trying to imply that he's popping our bubble. I'm a little scared by this.' "
  3. "Researchers [at Network Associates] believed the threat is so serious that they notified the FBI, said Vincent Gullotto, director of the company's virus detection team. 'It could basically disable your PC easily,' Gullotto said. 'This could be a watershed.' "
  4. CNN video of Patrick Taylor (ISS): "What makes this one unusual is, traditionally you've had to open up an attachment, you've had to do something to get the virus. In this case, actually just looking at the e-mail message theoretically will infect you."
  5. CNN video of Abner Germanow (International Data Corporation): "[BubbleBoy] represents a totally new way of looking at how to deal with a virus... Now you need to you need to suspect e-mails that come from people that you don't know. So just clicking on an e-mail and viewing it can be potentially dangerous."
  6. " 'It's the first of it's type, because simply activating the e-mail that is infected will launch the virus,' said Chris Williams, senior manager at NAI Labs, the research arm of Network Associates, in Santa Clara, Calif. 'It totally bypasses the previous philosophy of 'don't open that attachment if you don't know what it is.' "
  7. From a Norman Data Defense press release: "[BubbleBoy thus] contradicts the common belief that it was impossible to be infected just by opening the e-mail itself."

I spotlighted Viveros' remarks, but I did congratulate him privately for a level-headed press release. However, the same press release implied Network Associates could immediately detect BubbleBoy at email gateways. This doesn't make sense from a technical standpoint, so I asked Viveros if he would clarify the issue for me at his convenience.[1]

Trend Micro's "advisory" included helpful pager numbers for reporters on tight deadlines.

Remember StarLabs? They'll soon stop providing email service as a precaution against unknown Y2K viruses. One of their "experts" started bothering other experts inside the WildList organization. A source (excellent reliability) forwarded this pungent request from StarLabs:

"Does anyone have a sample of the VBS/Bubbleboy virus (the one which infects Outlook when you read the email; you don't even have to open any attachments). A sample of the email generated would also be useful. I would like to urgently evaluate this new type of threat. Thanks, Alex."

Beyond.com rode on BubbleBoy's coattails with a press release "announc[ing] that it has posted links to the latest updates that detect the VBS/Bubbleboy worm infection on the company's Antivirus Center... Instant availability of digitally downloaded antivirus software allows consumers to take immediate steps to protect themselves against the latest viruses." Protect themselves immediately after the fact, anyway.

United Messaging (an email outsource provider) issued an "advisory" telling the press to contact their CEO for commentary. He's apparently a "leading expert on computer virus detection and e-mail virus precautions." Hang on while I write that down...


BUBBLEBOY MADE HEADLINES even in the popular "Mr. Showbiz" column. "Jerry Seinfeld and Jason Alexander might not be so happy to hear they've been immortalized in an e-mail virus," read a photo caption. U.S. News & World Report also latched onto the Seinfeld angle. This brings up a pet peeve of mine. Why do reporters focus on pointless trivia when they write about computer viruses?

Why do reporters focus on pointless trivia when they write about computer viruses? It makes no difference if BubbleBoy mentions Jerry Seinfeld, Princess Diana, Elton John, or Bart Simpson.

It makes no difference if a virus mentions Jerry Seinfeld, Princess Diana, or Bart Simpson for that matter. Try telling that to the media, though. Look what reporter Matthew Nelson wrote for InfoWorld: " 'Every variable [in BubbleBoy] has been named after Seinfeld characters,' said Dan Schrader, vice president of new technology, for Trend Micro. 'They even use references to Soup Nazi, Kramer — an amazing number of characters are in this thing.' " And your point would be...?

On a positive note, Janet Kornblum stayed focused in her USA Today story. (You go, girl!) Kudos to Rick Jurgens & Mark Boslet for likewise staying focused in their Dow Jones newswire. (You da men!) They even offered a killer tidbit: "Darren Kessner, senior virus researcher for Symantec Corp. (SYMC), was less impressed. 'This virus isn't anything special,' he said."