Hoaxes, myths,
urban legends




About us


Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Timofonica should impress me, right?

Rob Rosenberger, Vmyths co-founder
Wednesday, 7 June 2000

I BOUGHT TWO cell phones late last year. Each comes with its own email address — but they only get eight free emails each month. I called the customer support line to ask a math question:

Suppose a virus sends email randomly to the (319) 555- prefix. Suppose 10,000 computers get infected in one month and they each send a thousand random emails. This means each phone will receive a thousand spams from a thousand different people. Does this mean I'll owe you $158.72? If you have 400 phones in the prefix, will you collect $31,744 from your clients?

A virus writer rea­lized he could send spam to a cell phone email ad­dress. This should impress us? Fred Cohen (the father of com­pu­ter viruses) con­cep­tu­a­lized the idea three years ago.

Let's just say their response didn't match my expectation. And why should it? They never heard of a virus which sends email to cell phones. (Neither had I. To be honest, I only worried about spammers.) I later asked them to put a note in my billing records: "customer will not pay for spam emails."

Flash forward to the present. Newswires now describe a worm/virus payload which can send spam to cell phones. {yawn} This should impress us? First, anything software can do, a virus payload can do. Second, my math question stemmed from a 1997 lecture given by Fred Cohen, the father of the modern computer virus. Subtract from 2000, um, carry the one... Hey, this topic is three years old!

Cohen doesn't exactly stay quiet about this stuff. (Neither do I.) Once again, virus writers didn't advance the state of the art — they just caught up to it. Vesselin Bontchev (FRISK) offered this insight:

Every year, we (CARO) gather together at the Virus Bulletin conference and have a "nightmare scenarios" session — we try to figure out the worst things the virus writers could do if they had our knowledge, experience and intelligence. About 10% of the things we come up with become true — and usually with 3-5 years of delay.

In short, virus writers overwhelmingly qualify as wannabees.

F-Secure paved the way for media hysteria with a recent "WAP virus" PR campaign and I suspect their efforts will bear fruit. We'll hear plenty of worrywarts declare "cellular viruses are on the horizon!" Yeah, and pagers are dead already.

On the other hand, Timofonica perhaps comes too soon after the ILoveYou-NewLove-KillerRésumé orgasm. We might not see the "normal" amount of media-induced hysteria as a result. Most virus writers suffer from "premature infestation," making it all but impossible for them to wait for an opportune release date.

Does this virus spell the end of cellular/pager email? You know me: I make a living out of saying "no." Yes, midwives will wail about a plague of locusts, and we'll actually see a few locusts. Yes, copycats will modify the payload to spam every known cellular phone prefix on the planet. Yes, some fool out there will spam the White House's pagers, and yes, some other fool out there will implicate Taiwan's crack infowar team.

Then life will go on. We might not see the "normal" amount of media-induced hysteria — but it won't stop fearmongers from screaming "it's the end of cellular email as we know it." Every debate about cell phone viruses will quickly devolve from a "here & now" discussion to a "what-if when" speculation. Reporters will satisfy their fetish for juicy computer virus stories.

Then life will go on. The world's computing desire hasn't faltered after 14 years and 50,000+ viruses. We went right back to normal after Melissa, after Chernobyl, after ExploreZip, after MiniZip, after BubbleBoy, after ILoveYou, after NewLove, and after KillerRésumé. Even the glorious Y2K hysteria barely made us blink.

The world's com­pu­ting de­sire hasn't faltered after 14 years and 50,000+ viruses. Do you honestly think spam will stop us from re­ceiving email on our pagers & cell phones?

Do you honestly think spam will stop us from receiving email on our pagers & cell phones? Bah. This thing will blow over like every single worm/virus before it, and life will go on.

I FORESEE ONE interesting side effect. Cellular firms may stop charging for email after a virus targets one of their prefixes. Oh, they'll try for a few days to sort out the billing situation... Then they'll write it off as an effort in futility. Press releases will blame virus writers for both the loss of income and the wasted bandwidth. "We fell on our sword for our valued customers," cellular companies will moan.

Pity the poor Sir Lancelots. They don't know what it's like to receive millions of spams they can't charge customers for. Why, they'll end up feeling like... like... an ISP!