Truth About Computer Security Hysteria
When life hands you lemons...Rob Rosenberger, Vmyths co-founder
Friday, 16 February 2001
VMYTHS.COM READER GARY Henderson made this comment: "A simple hi-res picture of [Anna Kournikova] could readily clog up a lot of eMail servers, and no AV package would even blink!" True, true. If your email server crashes again, don't blame a virus.
A wannabee rock band just launched a virus hoax as a publicity stunt. Great. What next?
Anna's official website took full advantage of the hysteria. It offers "the best Kournikova photos available without trashing your hard drive." Hey, when life hands you a lemon...
You know what I love about computer security? I can visit Anna Kournikova's website, I can check out every tantalizing photo (especially her bra endorsements), and when my wife asks me what I did all day, I can say "honey, I scoured a website to confirm it had no viruses." I hear they've got a 17yr waiting list for computer security jobs at Victoria's Secret.
Longtime British reader John Gray expressed a common complaint: "we never trapped a copy of the I Love You virus ... [and] we haven't (yet?) received a copy of the Anna Kournikova virus (although our parent company has). What are we doing wrong??!" John, John, John. You should deal more often with public relations firms if you want to receive viruses. A reporter [name withheld] who spoke to me described the emails flowing in from all the PR wonks.
On a related note, I couldn't believe the audacity of cub reporters who deigned to speak with me. "I'm looking at nine copies in my mailbox right now. Whoops, there's two more. We're talking a worldwide epidemic here! Everybody's got to be infected." Everybody who works in PR, maybe. But if a reporter gets a virus, then the whole planet must have it — except for a few bored stiffs who read Vmyths.com.
Seriously: I need to re-think how I deal with 'man overboard' reporters. I deal much better with overwrought readers. They don't seem to display a reporter's pomposity. Take the following email exchange, for example:
Reader: I think you understate the impact of the worm in your rant. All I know is that in my small WAN, in which we have 86 users, we got hit 65 times in a 24 hour period, which indicates a wide level of infection.
I can throw a Lifesaver® to guys like him, but how do you throw one to a pompous reporter? "These figures come straight from an antivirus firm." Who didn't bother to collect data for the first 15 years. "They've got hard numbers this time!" Okay, how do you interpret the data? "It's huge!" Huge won't fly in a stats course. "I majored in journalism, not statistics." You state the obvious. "Ha ha, very funny. What about you, then?" Ouch, you got me there: I only own the alternate edition of Earl Swokowski's calculus book, and I still use my old Win31 version of Mathematica, and my ancient calculator runs on solar power, and I haven't taken a course taught by the math chair since 1995. Let's end this phone call before I embarrass myself further.
You know, looking back on it, perhaps I could do better if I toned down the sarcasm when I speak to repor-- nah.
I must admit I didn't know a thing about Ms. Kournikova before Monday. What can I say? I don't like to watch women who attack balls with blunt instruments. Many Vmyths.com nerds wrote me to say the same thing. (That they didn't know of Kournikova, I mean.) Nerds who did know about her quipped "she's world famous for yet another non-tennis reason."
Funny you should ask. A struggling rock band in St. Louis did just such a thing this week.
The band — aptly named "Disturbing The Peace" — launched a seed email on Monday, coincidentally just a few hours before Kournikova erupted into worldwide hysteria. It declared a "national warning" from a fictitious firm called "Digital Technologies Programming Software Development Laboratories."
The hoax alert warned "THERE IS A DANGEROUS VIRUS AT LARGE" and went on to describe how "an unknown group of terrorists" stole "the New Ice Age virus" from their laboratories. The firm announced it covertly writes software for the U.S. government's information warfare programs, and the stolen virus can infect every computer on the Internet.
"We are working around the clock," the publicity stunt continued. "We hope to have the NIA Anti-Virus up and running on February 15, 2001. It will be free and downloadable to the public. EVERY COMPUTER MUST BE EQUIPPED TO STOP THIS VIRUS!" It then provided a link to a website "for details." The website offered nothing more than a rehash of the alert.
Vmyths.com obtained a nearly pristine copy of the seed email. (A rare occurrence, I assure you.) It went to 26 users on AOL, Juno, Hotmail, etc. The band sent it to raw email addresses — no names — which suggests they picked unwitting users at random in an attempt to dupe them. We know one recipient forwarded it to 11 friends & family members, and one of them forwarded it to nine friends & family members...
Memo to the virus-hoax rock band: pack up your instruments and GET OFF Robynn Ragland's stage!
We only know of 26 original recipients at this point. The band may have launched more than one seed email (conceivable), or they may have included some "blind copy" recipients (unlikely). Only time will tell if this hoax grows legs....
Let's wrap up with some kudos. I want to publicly thank Nick FitzGerald (formerly of Virus Bulletin) and David Spalding (Hoax du Jour) for contributing manpower to this research. Thanks, guys.