Hot News Hoaxes Resources Rantings Absurd About Us Search
Resource categories

New to Vmyths?

Newsletter Sign-up

Can Screensavers Give Your Business a Competitive Edge?

Resources | Vmyths 'virus hysteria alert' archive

16 February 2005, 18:45 CT: mi2g issues absurdly precise guesstimates
CATEGORY: Hysteria related to a publicity stunt

On 16 February 2005, computer security firm "mi2g" unveiled its guesstimates for "global economic damage" over the last nine years resulting from "all types of digital risk manifestations."

Vmyths dismisses mi2g's figures as a blatant publicity stunt.

Every guess in mi2g's report is absurdly precise. In 2004, for example, they calculated the total "global economic damage" at $456,134,500,000 to $557,497,700,000. These figures reveal an accuracy of plus or minus $100,000, worldwide, for "all types of digital risk manifestations" in 2004.

mi2g used SEVEN significant figures in many of their guesses. In economic terms, it means mi2g's underlying data must be accurate TO THE DIME, if not to the penny. As in, "the MyDoom attack caused precisely $368,714.2 in total economic damage to corporate site X, while the Klez virus caused precisely $117,644.9 in total economic damage to military site Y..."

No respected economics expert will declare five significant figures -- let alone seven! -- for the total cost of the World Trade Center attack in September 2001. It would violate the economic analogy for Heisenberg's Uncertainty Principle. Yet mi2g offers absurdly precise global computer security economic damage guesstimates for every year back to 1995.

mi2g has never explained how THEY ALONE can acquire enough absurdly accurate microeconomic data to satisfy their macroeconomic forecast model. Assuming such a model even exists.

mi2g has repeatedly declared "$1,500.00" for the cost of one manday. But here's the catch: they won't call it a manday. Rather, they call it an "equivalent person day." mi2g has never adequately defined this term.

We've highlighted mi2g in multiple Hysteria Alerts and we maintain a "Hysteria roll call" resource on them dating back to 1999:

mi2g "Hysteria roll call" resource:
Hysteria Alerts archive:

mi2g has threatened to sue Vmyths for libel (see "> for details). For the record: we stand by our criticisms. However, Vmyths prides itself for an industry-leading "corrections and clarifications" page. Anyone may write to to contest our claims & accusations. Anyone may visit to rebut our opinions & criticisms.

Do the math, folks. mi2g's guesstimates are a publicity stunt. Stay tuned to Vmyths.

16 February 2005, 18:55 CT: 'Lexus car virus' is an urban legend
CATEGORY: Hysteria over a computer security URBAN LEGEND

The computer security community has largely been DUPED by the legend of a computer virus in Lexus automobiles. Vmyths blames the spread of this legend on many experts and pundits who failed to exercise "caveat lector" when they retold the story in their own words.

Trust us -- antivirus experts are NOT test-driving automobiles. Visit for full details on this urban legend.

Stay calm. Stay reasoned. And stay tuned to Vmyths.

15 September 2004, 01:55 CT: Hysteria predicted for 'JPEG Processor' vulnerability
   (1) Misconceptions about a real computer security threat
   (2) A historical perspective on recent hysteria

Microsoft has issued a "critical" alert regarding a "buffer overrun" in software it uses to display JPEG images. In theory, if you try to view a specially crafted JPEG file, it could take over your computer and do whatever it wishes. Microsoft has released a security patch to fix this buffer overrun. Vmyths urges you to download the patch, install it, and get on with your life.

   Buffer Overrun in JPEG Processing Could Allow Code Execution:

Vmyths believes media outlets will POUNCE on this story, because (a) Microsoft announced a "critical" vulnerability in the way its software reads an ubiquitous file type, and (b) computer emergency response teams have issued their own alerts. Watch for breathless speculation and hysteria in the coming days. Some naďve system administrators may tell reporters they'll delete JPEG files from emails and refuse to let web browsers display JPEG files, "strictly as a precaution." (We don't expect anyone will implement this Draconian measure for very long. We believe too many users will clamor against it.)

   Remember this when virus hysteria strikes:

Microsoft's "JPEG Processor" vulnerability manifests itself as a buffer overrun in a piece of software. It is NOT caused by the JPEG file format itself. Buffer overruns are extremely common: you'll find them in almost every large software application (even antivirus software). They can create situations where even a filename itself can wreak havoc. By definition, every buffer overrun will eventually join its brothers in the land of obscurity.

   Buffer overruns in antivirus software:

The "Code Red" worms successfully exploited a buffer overrun in 2001, and Vmyths believes some reporters will allude to this -- as if to imply a horrific JPEG attack may be just around the corner. Buffer overruns are extremely common, yet they only rarely ever get exploited. Researcher Georgi Guninski, for example, publishes "proof of concept" exploits for many of the "critical" buffer overruns he finds. Guninski's exploits have never made a splash despite his best efforts.

A little history -- this isn't the first time an image file format has come under fire. An April Fool's joke targeted JPEG files a decade ago:

   1994 April Fool "JPEG virus" alert:

In 2001, researchers claimed a specially crafted GIF file could be used to cause a buffer overrun in Microsoft Outlook. It was purely a coincidence that a GIF file could exploit this threat.

In 2002, the "Perrun" virus added software to the computers it infected, then it modified the Windows registry so future viruses could "ride" inside a JPEG file. The virus writer could have chosen to do the same thing with GIF files or even TEXT files. Antivirus vendor Sophos urged restraint over the Perrun virus, saying "some anti-virus vendors may be tempted to predict the end of the world as we know it, or warn of an impending era when all graphic files should be treated with suspicion. Such experts should be ashamed of themselves."

   McAfee gets slapped in 2002 for "JPEG virus" alert:

Vmyths suspects a hoax virus alert will arise with instructions to delete the JPEG registered file type in Windows. (It's practically a self-fulfilling prophesy.) Such a hoax will play on the user's misconception of the threat. Don't take unsolicited advice from people who are NOT experts. Users will self-damage their operating systems if they delete the JPEG registered file type.

   False Authority Syndrome

Stay calm. Stay reasoned. And stay tuned to Vmyths.

   Phone call from Kevin Poulsen, SecurityFocus

31 August 2004, 18:15 CT: Follow-up on latest cyber-terror prediction
CATEGORY: Dire predictions of a cyber-war or cyber-terrorism

Russian news agency MosNews now reports "there was no terrorist attack on the Internet on August 26" as had been predicted. According to Kaspersky Labs spokesman Alex Zernov, "media reports had attracted huge attention to this information and caused users to strengthen security measures. 'This made [the scheduled cyber-terror launch] date less favorable for the attack,' Zernov said. 'Terrorists are not in a hurry because of such a serious reaction,' he added."

   MosNews follow-up story with photo:

   Vmyths coverage of the cyber-terror prediction:

MosNews claims Zernov spoke directly to them. If they correctly reported Zernov's comments, then Vmyths insists he is sorely mistaken on two major points.

First, only the Russian media focused "huge attention" on the predicted cyber-terror event. Computer security firms, government agencies, and mainstream global newswire services didn't warn of an alleged threat. Second, Vmyths has seen NO objective evidence to suggest computer users strengthened their security measures on or around 26 August.

Computer security fearmongers almost always applaud the media for "getting the word out" after their predictions flop. If MosNews correctly reported Zernov's comments, then it suggests Kaspersky Labs may be trying to backpedal with the Russian press. This in turn would imply the antivirus firm engaged in a much larger publicity stunt on 24 August than Vmyths first suspected.

On a lighter note: MosNews published their follow-up story with a photo of "Chechen terrorist Shamil Basayev" using a laptop in an unidentified woodland area. Basayev has threatened to launch "kamikaze" attacks in Russia, but Vmyths found nothing to suggest the warlord will mastermind a cyber-terror event in the near future.

Stay calm. Stay reasoned. And stay tuned to Vmyths.

26 August 2004, 17:25 CT: Cyber-terror attack canceled for lack of interest
CATEGORY: Dire predictions of a cyber-war or cyber-terrorism

Media warnings of a looming "Internet Terrorist Attack," supposedly planned for today, have proven unfounded. As usual, Islamic "suicide hackers" failed to report for duty. (See for background info on "suicide hackers.")

In our previous Hysteria Alert, Vmyths said it asked Kaspersky Labs to comment on the "threat" of an Islamic cyber-attack predicted for today. We promised to publish their response as soon as we got it. Founder Eugene Kaspersky quickly responded to our inquiry. Visit for his verbatim reply. We assumed Kaspersky Labs was quoted out of context to some extent, and their email to Vmyths reinforced our belief. This media event looks like a "worst-case scenario briefing" gone awry.

Some computer security websites went so far as to ridicule the notion of a looming cyber-terror attack. These sites used a coordinated "self-defacement campaign" as a humorous way to get their points across. A list of SELF-defaced websites includes:
Vmyths applauds these sites for their sense of humor.

Vmyths made three initial predictions in our previous Hysteria Alert. First, we said news outlets around the world would report the "Internet Terrorist Attack" prediction without question. Second, we said a few news outlets would acknowledge the prediction flopped today. Third, we said the media would dump the story tomorrow as a non-event. Prediction #2 came true and we fully expect the same for prediction #3.

Prediction #1 proved correct, although not in the magnitude we implied. Reuters, the Associated Press, Bloomberg, and other major western newswires displayed a healthy dose of journalistic common sense. Vmyths has forged relationships with computer security reporters over the years and we feel our previous Hysteria Alert destroyed the sensationalism of the "Internet Terrorist Attack" story. But we cannot objectively demonstrate the value of our Hysteria Alerts. As such, Vmyths must acknowledge prediction #1 did not come true in the magnitude we implied.

The day is still young, but please don't bet on an Islamic cyber-attack today. Stay calm. Stay reasoned. And stay tuned to Vmyths.

25 August 2004, 01:20 CT: Cyber-terror attack predicted for Thursday
CATEGORY: Dire predictions of a cyber-war or cyber-terrorism

Russian news site has reported "terrorists will paralyze the Internet on August 26" (this Thursday). The story cites virus experts Alexander Gostev and Eugene Kaspersky, both who work for Kaspersky Labs, a large Russian antivirus firm. MosNews ran the story under the headline "Russian Computer Expert Predicts Internet Terrorist Attack." story (English):

The web page address includes the phrase "internetend" -- an obvious reference to the end of the Internet as we know it.

Vmyths dismisses this "Internet Terrorist Attack" story as baseless hysteria, for numerous reasons explained below.

It appears MosNews derived their story from a newswire published by, which may have derived their own story from a Novosti newswire. In other words, it's "hand-me-down" news, and this is a systemic problem in computer security. Reporters will often quote each others' stories as their main sources of information. Worse, these stories originated in Russia, where many news agencies have dissolved into sensationalist tabloids since the breakup of the Soviet Union.

Speaking directly to Novosti's reporters, Gostev supposedly claimed "the United States and Western Europe will suffer from the attack" on Thursday, while Kaspersky supposedly "reminded that similar attacks had earlier paralyzed [the] Internet in South Korea. He added that it would be 'impossible' to stop terrorist organizations if they 'get down to business.'"

As expected, the Novosti newswire described the cyber-terrorists as "Islamic" fundamentalists who declared Thursday a day of "electronic jihad."

Gostev and Kaspersky claimed they learned about the cyber-terror attack from data "published on specialized sites," and Gostev admitted "it is difficult to say how true this information is." Statements like this raise a RED FLAG at Vmyths. We believe the men studied messages left by narcissistic braggarts, not Islamic cyber-warriors. Vmyths has seen NO objective corroborating evidence for an Internet armageddon in the near future.

Narcissistic braggarts have a notorious habit of (1) declaring an attack date and then (2) failing to show up for duty at the appointed time. One of the most hilarious examples of this took place in 1997; see for details.

According to Novosti, Kaspersky concluded by saying "it is ghastly enough that these people have mentioned 'electronic jihad' for the first time." Kaspersky is clearly mistaken if the newswire quoted him in context. Hackers and the media have used this exact term for years; a Google search returns 500+ matches. Israel's Jerusalem Post newspaper used a similar term, "virtual jihad," four years ago. mi2g (a well-documented fearmonger) has issued predictions over the years for electronic jihads which have NEVER come to pass.

   Remember this when virus hysteria strikes:

MosNews quoted, which quoted another virus expert, who insisted "Kaspersky Labs has been foretelling the doomsday for a long time." Vmyths agrees they occasionally sensationalize threats -- but a global cyber-terror prediction seems highly out of character for them. And the website so far offers no special news/advice for its clients. The Novosti newswire oddly claims Kaspersky Labs "will be switched over to the 'yellow' danger level" on Thursday, but this, too, seems highly out of character for the antivirus firm.

For all of these reasons, Vmyths dismisses this "Internet Terrorist Attack" story as baseless hysteria.

Vmyths assumes Alexander Gostev & Eugene Kaspersky were quoted out of context -- but we don't know HOW MUCH they were quoted out of context. This may be an example of a "worst-case scenario briefing" gone awry. (See for more on this subtopic.) We asked Kaspersky Labs to comment on the Russian news stories and we'll publish their response as soon as we get it.

Unfortunately, the global media has a FETISH for "end of the Internet" stories. Vmyths predicts the following:

   (1) On Wednesday, news outlets around the world will report the Novosti newswire (and stories derived from it) without question. A sensationalist reporter might even link cyber-terrorism to the breaking news of two Russian jetliners that just crashed. "Did Islamic hackers take over the cockpits?"
   (2) On Thursday, a few news outlets will acknowledge the prediction flopped.
   (3) On Friday, reporters will dump the story as a non-event.

The SANS "Internet Storm Center" ( currently reports a "green" status for the Internet. SANS "predicts that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long." Vmyths applauds SANS for its sense of humor.

Don't bet on an Islamic cyber-attack this Thursday. Stay calm. Stay reasoned. And stay tuned to Vmyths.

   * Cory Altheide (SANS), for URLs to Russian news stories
   * Confidential source, for the Novosti newswire

2 June 2004, 17:50 CT: mi2g predicts ''catastrophic'' attack in 2004
CATEGORY: Hysteria related to a publicity stunt

British firm "mi2g" issued a "news release" today to predict a heinous Internet attack will occur this year. They declared "the probability of a catastrophic malware attack, defined as global damages in excess of $100bn from a chain of combined events, has risen from 1 in 40 (2.5%) for 2003 to about 3 in 10 (30%) for 2004."

Vmyths dismisses the prediction as a blatant publicity stunt.

mi2g is famous in the security world for using a digital crystal ball -- and this latest "news release" fails to buttress a supposed twelve-fold increase in the accuracy of their beliefs. Vmyths has documented a string of bad mi2g predictions dating back to 1999. Two recent examples include (1) a terrorist cyber-strike on the first anniversary of the "9/11" attacks and (2) a crippling cyber-war during the 2003 invasion of Iraq.

mi2g did not pinpoint who might launch their newest predicted catastrophe. They talked only in vague terms about "hacking groups," "criminal syndicates," and "politically and ideologically motivated" organizations. mi2g speculated the masterminds will use diabolical "automated malware agents distributed through email spam, viruses and worms" to "convert millions of computers to zombies for nefarious purposes." mi2g left "nefarious purposes" to the reader's imagination.

mi2g defined a "catastrophic malware attack" as "global damages in excess of $100bn." This is convenient, because mi2g is the media's ONLY source for absurdly precise virus damage costs. Vmyths believes media outlets will embrace the new publicity stunt for exactly this reason. Gullible reporters routinely fall for mi2g's fearmongering predictions, wild damage guesstimates, irrelevant granfalloons, and creative phrases like "global digital eco-system" and "digital risk fallout."

Vmyths has repeatedly slammed mi2g over the years for its blatant PR stunts. This latest "news alert" is actually a thinly veiled plug for their "D2-Banking" service. We've highlighted mi2g in multiple Hysteria Alerts and we maintain a "Hysteria roll call" resource on them:

   mi2g "Hysteria roll call" resource:
   Hysteria Alerts archive:

Vmyths insists you should never take mi2g's claims at face value. For example, they trumpet themselves as a computer security firm "since 1995" when in fact they wormed their way into the security world in 1999.

mi2g has threatened in the past to sue Vmyths for libel (see for details). For the record: we stand by our criticisms. However, Vmyths prides itself for an industry-leading "corrections and clarifications" page. Anyone may write to to contest our claims & accusations. Anyone may visit to rebut our opinions & criticisms.

Don't take mi2g's "news alerts" at face value. Stay calm. Stay reasoned. And stay tuned to Vmyths.

Acknowledgements: confidential source

8 May 2004, 13:10 CT: Will U.S. try to extradite Sasser's creator?
CATEGORY: Historical perspective on recent hysteria

A Reuters newswire says "German police have arrested an 18-year-old man suspected of creating the 'Sasser' computer worm, believed to be one of the Internet's most costly outbreaks of sabotage... [A police spokesman] said the suspect admitted to programming the worm." See for the full text of the newswire.

In our previous Hysteria Alert, we predicted the fearmongers at mi2g will soon slap an astronomical dollar value on the Sasser worm. The U.S. alone will account for a few billion of mi2g's guesstimate. This leads us to ponder an interesting question:

Will the Justice Department try to extradite the author of the Sasser worm? Will he stand trial on American soil for a multi-billion-dollar crime?

If history is a guide, Sasser's author will never appear before a U.S. judge. Consider the following:

  1. U.S. feds never sought extradition for Jan de Wit (aka "OnTheFly"), who released the Kournikova virus in February 2001. A Dutch court convicted him for the crime but he remains free of a U.S. indictment.
  2. U.S. feds never sought extradition for any of the suspects behind the ILoveYou virus in May 2000. Reonel Ramones, Onel de Guzman, and Irene de Guzman remain free of a U.S. indictment in the Philippines despite the successful completion of a much-publicized worldwide manhunt.
  3. U.S. feds never sought extradition for Mike Calce (aka "Mafiaboy"), a then-14yr-old hacker who masterminded an e-commerce attack that (supposedly) very nearly destroyed, Yahoo!, eBay, CNN, and other U.S.-based firms in February 2000. Calce was found guilty in Canada for the crime but remains free of a U.S. indictment.
  4. U.S. feds never sought extradition for acknowledged Chernobyl virus writer Chen Ing-Hau for "destroy[ing] thousands" of U.S. government, military, corporate, academic, and personal PCs in April 1999. He remains free of a U.S. indictment in Taiwan.
FBI agents traditionally provide "evidence" to other countries to help them prosecute virus/worm authors ... but that's as far as it goes. Remember this when you read stories about the arrest of Sasser's creator. Vmyths predicts he won't be extradited to America.

Remember your history lessons. Stay calm. Stay reasoned. And stay tuned to Vmyths.

5 May 2004, 00:20 CT: Hysteria over ''Sasser'' worm
Headlines around the world warn of the spread of multiple variants of the "Sasser" worm. "Sasser's toll likely stands at 500,000 infections," a typical headline reads. Vmyths notes security experts have tended to make guesses in the same ballpark -- ranging from 200,000 to one million infected computers.

News stories at first identified those who made guesstimates, but the current batch of stories no longer directly cites sources for these figures. "500,000 to one million infected PCs" is now widely accepted by the media as if it were a fact rather than a conjecture.

A story penned by Rob Lemos pointed out that "while [these] numbers sound overwhelming, the compromised PCs make up a fraction of a percent of the computers connected to the Internet." Vmyths agrees with Lemos' assessment.

[Many] Security experts FAILED to predict the Sasser worm would focus more on home computers than business PCs. The reasons for it are obvious in hindsight to these experts, so Vmyths must ask a rhetorical question -- "why didn't security experts predict the obvious?" And speaking of predictions...

Security experts didn't agree on what day they thought the Sasser worm would achieve "peak activity." American experts predicted it would peak on Monday "as millions of workers bring their laptops back to their offices, after using them over the weekend to access the Internet from relatively unsecured home locations." On the other hand, experts who live outside the U.S. predicted Sasser would peak on Tuesday due to long holiday weekends in some parts of the world.

(Conflicting accounts of the worm's spread make it difficult to gauge the accuracy of these predictions.)

Panicky firms have damaged themselves over the years in a trend known as "precautionary disconnects." (See for details.) In the latest example, an AFP newswire revealed "Sampo, Finland's third largest bank, closed its 130 branch offices across the country to prevent the Sasser Internet worm from infecting its systems... 'We decided to close our offices as a precaution, since we knew that our virus protection hadn't been updated,' Sampo spokesman Hannu Vuola [said]." In other words, Finland's third-largest bank voluntarily made itself Finland's SMALLEST bank -- because they didn't trust their "antivirus solution" to protect them in a time of crisis.

Contrary to widespread reports, Australia's "RailCorp" railway system may NOT have been hampered by the Sasser worm. CEO Vince Graham was quoted as saying their most recent woes "could very well be a matter related to a virus getting into [RailCorp's] system." Graham did NOT confirm anything, and this is an important distinction. Vmyths readers may recall security experts incorrectly blamed a computer worm for the U.S. electrical blackout of 2003.

Vmyths has observed new buzz phrases in the media's coverage of the Sasser worm. For example, did you know there is now a "network telescope" which can peer into "the dark matter of the Internet"? See for details.

Normally, Vmyths would expect to see "global damage estimates" for the Sasser worm, courtesy of a company known as mi2g. (See for details on this firm's antics.) However, mi2g has remained oddly silent since mid-April. Still, Vmyths will watch for mi2g to add Sasser's costs to their astronomical tally for virus damages.

Stay calm. Stay reasoned. And stay tuned to Vmyths.

2 February 2004, 22:05 CT: Absurd MyDoom damage values
In our previous Hysteria Alert, we predicted "someone will soon declare a 'guesstimate' damage value for the MyDoom virus/worm, strictly for its PR value." Vmyths named mi2g as one of the more dubious candidates.

mi2g played its PR card with a wag of $38.5 billion in global damages. We dismiss it as completely absurd. mi2g's guesstimate is:
   * 1.6% of the U.S. federal budget proposed for the next fiscal year;
   * 40% of the damage to New York City on 9/11/01; and
   * more than double the cost of Hurricane Andrew in 1992.

mi2g has pulled PR stunts since 1999 on an almost regular basis. See for a critical look at the firm's shenanigans.

Unfortunately, gullible reporters have already started to latch onto this latest PR stunt. The Web Host Industry Review, for example, published it in breathless tones. Vmyths believes major media outlets will fall like dominoes -- mi2g's declaration is simply too large for them to ignore.

It sounds incredible to say it, but mi2g now demands money if you want to read press releases associated with their PR stunts. You'll pay "£29.38 (including taxes)" just to read their "$38.5 billion" press release, for example. Visit if you don't believe us.

We asked it before and we'll ask it again. Why do British fearmongers so often give guesstimates in U.S. dollars?

mi2g has threatened to sue Vmyths for libel (see for details) and this Hysteria Alert may lead to a renewed effort to crush us. For the record: we stand by our criticisms of mi2g. However, Vmyths prides itself for an industry-leading "corrections & clarifications" page. Anyone may write to to contest our claims & accusations. Anyone may visit to rebut our opinions & criticisms.

Do the math. Stay calm. Stay reasoned. And stay tuned to Vmyths.


     Showing 1-10 out of 27 Resources     NEXT>>

Sign up for FREE Vmyths newsletters!
"Virus Hysteria" Alert
Stay on top of the latest computer virus hysteria as it happens -- with no advertisements.
"What's New" Newsletter (weekly)
Keep up on what's new at Vmyths.
"Multimedia" Update
Learn about new & updated multimedia files at Vmyths.
Note: After subscribing, you will be sent a confirmation email. Please reply to it and your subscription will be completed.


Mediaweave: Sophisticated web design and development
 Copyright © 2003 Rhode Island Soft Systems, Inc.
Website designed & programmed by Mediaweave