I showed you way back in early February how the antivirus firms remained calm & cool during a round of media hoopla over the Conficker / Downadup worm. Nearly two months has passed since then. It’s now the end of March … and the antivirus firms remain calm & cool.

In other words: nothing has changed.

In all that time, IBM’s Internet Security Systems never raised its Internet threat level above “normal.” In all that time, Kaspersky Labs never raised its assessment of the worm above “moderate risk.” In all that time, McAfee never raised its global threat condition due to Conficker / Downadup. In all that time, the SANS Internet Storm Center never raised its Internet threat level above “green.” In all that time, Symantec never raised its ThreatCon due to Conficker / Downadup. In all that time, Trend Micro never posted a medium- or high-risk alert over the worm.

And what about antivirus vendor Sophos? Well, in the days leading up to this latest hoopla … they fretted more about Russian brides than the Conficker / Downadup worm.

I still can’t recall a time in the last twenty years when when so many antivirus firms remained so calm during a media circus. A second media circus, no less. Color me stupified.

A new headline at PC Magazine calls the Downadup worm an “epidemic.” Other news outlets have latched onto the story with similar weasel words and trigger phrases. If you take the “growing exponentially” claims at face value, then throw away your PC right now because we’re doomed. Experts predict this worm will infect at least 8.7 billion PCs by Sunday.

The antivirus firm behind the hype is now offering prizes to people who test their new product. “Wow, that’s really cool!” F-Secure doesn’t want all that global media exposure to go to waste, you know…

(“One computer for every dollar the ILoveYou virus cost, eh Rob?” Exactly! You’re catching on.)

In other words, I may have been mistaken in yesterday’s “died on the vine” comment. The media has waited a very long time to orgasm over a virus story and I once again wonder if they can hold back their ecstasy…

…Except there’s a tiny little problem. The antivirus vendors just don’t seem interested in it!

Take Symantec, for example — they actually lowered their ThreatCon status today from “2″ (elevated) to “1″ (normal). Kaspersky Labs still describes Downadup as a “moderate risk.” Neither McAfee nor Trend Micro has updated their alert pages. SANS continues to show a “green” Internet threat level. About.com virus expert Mary Landesman tackled a different subject in today’s column.

And F-Secure…

Hmmm, F-Secure. You know, I don’t think F-Secure will like the rest of my column.

F-Secure — the antivirus firm behind the “nine million” estimate — announced they released a “Removal Tool” for the Downadup worm. Oh, and be sure to check out their new beta security product! “Feedback enrolls users into prize giveaways,” F-Secure bragged. “We recently received another batch of our very popular laptop stickers, so as a bonus, we’ll pass along a stack to Tomi [from the Customer Involvement Team].”

Waitaminit. Laptop stickers?!? Pardon me while I say “wow, that’s really cool!”

Folks, the press wants us to believe there’s a global “epidemic.” So what does F-Secure do with all the media attention they whipped up? Why, they turn it into an opportunity to recruit beta testers for a new product!

{sniff} Do I smell something familiar? Or did I just forget to the flush the toilet?

My original notion for this column centered on the media hysteria I expected from F-Secure’s huffing over variants of the Downadup worm. Quoting from a (level-headed) story in The Register:

[The Downadup worm] that attacks a patched vulnerability in Microsoft Windows, is making exponential gains if estimates from researchers at F-Secure are accurate. They show 6.5 million new infections in the past four days, bringing the total number of machines it has compromised to almost 9 million. The astronomical growth stunned some researchers, although others cautioned the numbers could be inflated since the counting of infected computers is by no means an exact science. Most agreed F-Secure’s estimate was certainly plausible and if it proved to be correct, represented a major development in the world of cyberthreats.

6.5 million newly infected PCs, you say? All of them whacked in a four-day period? Hmmm. The timing of this makes me wonder how many of those PCs showed up under the plastic tannenbaum.

Yet it would seem my worries about hysteria have died on the vine. Consider the following:

The media yawned when F-Secure claimed the Downadup worm tallied another 6.5 million PCs in a four-day period…

• The SANS Internet Storm Center continued to display a “green” Internet threat level;
• Symantec continued to hold at “ThreatCon 2” with no mention of the Downadup worm;
• McAfee didn’t even mention it in a “breaking advisory”;
• ISS maintained an “AlertCon 1” with no mention of the Downadup worm;
• Sophos technovangelist Graham Cluley raised little more than an eyebrow in his corporate blog; and
• About.com antivirus guide Mary Landesman devoted only two paragraphs in her blog.

Only Kaspersky Labs seems to have given F-Secure some shrift when they announced a virus alert on their website. Yet they only identified it as a moderate risk. So, uh … let’s call it “short shrift” and leave it at that.

The media, too, seems to have collectively yawned over F-Secure’s declaration. One CNN Headline News anchor — dare I say it? — almost smirked while reading from the teleprompter. (In all fairness, it isn’t the first time a CNN mannequin has smirked or spoken in an upbeat tone about a devastating computer virus attack.)

This non-media circus reminds me yet again of Aesop’s fable of the boy who cried wolf. F-Secure, on the other hand, will doubtless call up the Cassandra fable to dismiss any accusations of wolf-crying.

One quote in The Register’s story leapt out at me for its irony:

“This thing has gotten way out of hand,” said Paul Ferguson, a security researcher for anti-virus provider Trend Micro who has spent the past several weeks tracking the worm’s progress. “It seems pretty spectacular to me that there could be that much growth.”

I dismiss Ferguson’s quote as ironic because Trend Micro’s “vinfo” page hasn’t declared a medium- or high-risk alert. How can we take him at face value when his company doesn’t even wail about it on an alert page?

---

Antivirus vendors and computer news reporters have certainly suffered a drought of hysteria in the past few years — and I myself fret that we’re due for another hystericane.

F-Secure will doubtless call up the Cassandra fable to dismiss any accusations of wolf-crying…

Why, then, hasn’t the Downadup worm generated “the perfect storm” of media hysteria?

The answer may lie in an amazing buildup to America’s “double major holiday.” Yesterday was Martin Luther King Jr. Day while today sees the inauguration of Barack Obama. News organizations appear highly focused on the orgasm of festivities in Washington, DC—

—and the media’s infatuation with U.S. politics may have simply overshadowed everything else of importance.

“You sound a bit facetious, Rob.” Yeah, okay: you caught me. Longtime readers will recall the fact government experts reminisce about the Nimda worm as a global catastrophe that cost billions of dollars and that would have qualified as one of the worst acts of cyber-terrorism ever caught on tape. And those experts still bemoan the fact it didn’t get much airplay … because it came just one week after the equally devastating physical terrorism of 9/11/01.

First Nimda; now Downadup. This leads me to ask a philosophical question. “Why do the world’s most devastating computer security attacks always seem to take place when reporters are too preoccupied to give it the attention it truly deserves?”