Your CIO can reduce virus hoaxes in your firm. Here's how
These awards are named after McAfee Associates Inc. founder John McAfee, who single-handedly set the standard
for virus hysteria in 1988. The mainstream media cried out for a telegenic messiah -- and McAfee lowered himself
to the challenge. His doom & gloom statements delighted
reporters, panicked the computing world, and pushed his company's software to the top of the charts.Sadly, John McAfee fell from the media's grace after the Michelangelo fiasco of 1992. Associated Press, Reuters, United Press International, and CNN (among many others) suffered incredible blows to their journalistic reputations. Needing a scapegoat to cover up their own incompetent reporting, these agencies chose poor old McAfee -- they dumped him like Princess Diana dumped Prince Charles.
John McAfee left the industry in disgrace. But he wrote the book on virus hype ("Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other Threats to Your System," 1989, St. Martin's Press) and a new legion of followers relentlessly beats the drum of hysteria in his name.
Our thanks go to Nicole Judy of Ohio who offered $50 to help defray the cost of prizes. (The rest comes out of George & Rob's pockets.) We appreciate your kindness, Judy!
Incredibly, this gaffe slipped past the bulletin's editors who work at the FBI training academy in Quantico, Virginia. They later removed the most embarrassing portion from the online copy of the report after Crypt Newsletter exposed it in an editorial -- but the FBI oddly left the reference to "the case of the 'Clinton' virus." And tens of thousands of original printed copies went out the door with no possibility of recall.
Let the record show: the FBI published a condensed version of the Carter/Katz report. The full report identifies an April Fool's story (printed in Datamation magazine) as the source for its information on the joke viruses.
Even more bizarre: Dr. Katz apparently learned of this gaffe almost a year beforehand. Computer security expert Gene Spafford claims he received a press release about the report which "contained the same erroneous statements about joke computer viruses that were printed in the FBI newsletter... I explained to [Dr. Katz] that they should correct [the report] immediately or else face ridicule from those who understood viruses. I never heard from them again."
Military network administrators got swamped with email from frightened users who wanted software that could detect viruses. This prompted some of the more frustrated administrators to ask users to ignore the worldwide alert. Incredibly, JCS J6Z claims it coordinated their bizarre message with the DISA ASSIST office.
Friendly Greetings?Commission staffer Alison Fortier (a former senior director for National Security Council legislative affairs) proved instrumental in writing the embarrassing chapter. When Crypt Newsletter contacted her, she at first expressed disbelief that Penpal was only a hoax!One company whose officials met with the Commission warned its employees against reading an e-mail entitled Penpal Greetings. Although the message appeared to be a friendly letter, it contained a virus that could infect the hard drive and destroy all data present. The virus was self-replicating, which meant that once the message was read, it would automatically forward itself to any e-mail address stored in the recipients in-box.
Other commission members who signed the report include vice-chairman Larry Combest, Senator Jesse Helms, ex-CIA director John Deutch, and Martin Faga, formerly a bigwig at the ultra-secret National Reconnaissance Office.
Rostker's team couldn't find paper copies of the logs either, but the media didn't really care about such a trivial issue. International newswires gave prominent attention to the portion of the story dealing with viruses.
In the first case, McAfee's beta-test division discovered an obscure flaw in Symantec's Norton Utilities. Instead of notifying Symantec, McAfee chose to notify only the media. They even wrote a blatant demonstration program for Windows Sources magazine (itself a runner-up in the "journalism" category), which they gladly posted on their website so any malicious hacker could download it.
In the second case, McAfee's beta-test division discovered a supposed "cheat mode" in Dr. Solomon's Anti-Virus Toolkit. McAfee went on the war path, paying PRNewswire (itself the winner in the "journalism" category) to distribute multiple press releases describing Solomon's heinous crimes against humanity.
Just another day in McAfee's relentless effort to protect the world. Solomon's struck back at McAfee and won the media battle. Symantec (itself a runner-up in this category) lost their media battle, but they later slapped McAfee with a copyright infringement lawsuit as payback.
The developer claims Microsoft reacted quickly when he notified them. "To their credit, they pulled [the infected template file] within minutes." But not even Bill Gates himself could stop the negative publicity when computer publications learned of Microsoft's role in releasing the first Word97 virus.
Oddly, the publicity stunt failed to include essential information on how to contact Penguin Press, which forced a virus researcher to trace it back to them. Shocked by intense negative publicity, the company later tried to cover up its involvement in the hoax.
Few reporters lift a finger when they write virus stories -- they merely wait for press releases to show up on PRNewswire (itself the winner in the "journalism" category). Symantec doesn't like this because it forces them to compete for publicity. They want reporters to come to Symantec just like Pavlov's dogs.
Early this year, Symantec made it even easier for reporters to get their daily dose of propaganda. They issued a press release with the headline, "Symantec Announces the Opening of the Symantec Antivirus Research Centre (SARC) News Bureau for the Media." (Notice how the American conglomerate uses a proper British spelling for the word "centre.")
Symantec's propaganda outlet will serve as "an information center for the media only... Editors and [TV show] producers will be able to contact the SARC News Bureau via a special toll-free 1-888 number to obtain information on topical issues such as... easy anti-virus protection through Norton AntiVirus products."
The press release quotes SARC product manager Alex Haddox, who said "by offering the media a 1-888 toll-free number for easy access to SARC spokespersons, they will be able to obtain the very latest information on viruses and we will be able to spread the word." (Emphasis added by the CVHA nomination committee.)
Now, you'd think a press release written specifically for editors wouldn't need a special "note to editors" paragraph at the bottom, right? Wrong! "If you would like additional information on Symantec Corporation and its products, please view... SymantecÕs [sic] Website."
According to the press release, employees noticed executable files increasing in size -- indicating a virus infiltrated ZDNet's computers. (Notice how this "undetectable" virus exhibits an easily detectable trait.) ZDNet turned to Symantec and Dr. Solomon's Software for assistance. Symantec "sprung into action" and Solomon's "provided ZDNet the means to ensure the integrity of their data."
Hold on, it gets even better. As a reward for discovering this new virus, ZDNet negotiated an exclusive
distribution license with Symantec & Solomon's. Don't bother looking for help anywhere else if you want to
check your computer for this deadly virus. The files are "available via free download exclusively at the ZDNet
Software Library."
The Irina virus, as you may know, is a runner-up in the "alert" category. And remember: we named the Virus Hysteria Awards in honor of John McAfee, the man who founded McAfee Associates.
Raymond goes on to say "if you have a separate 'operating system' partition... your other operating system partitions are hidden and are much safer from virus attack."
"as the world's leading vendor of anti-virus software, McAfee is considered the computer industry's Center for Disease Control..."
"the world's leading supplier of utilities and anti-virus software products..."
"the world leader in mission-critical business software..."
"the worldwide leader in computer virus detection identification and disinfection..."
"a leading developer of innovative software designed to help people use complex technologies..."
"the leading developer of server-based virus protection for high-performance corporate networks..."
"a technology leader in its major business areas of anti-virus, data security and cryptography software..."
"the leading supplier of technologically innovative anti-virus and security software to the corporate and government sectors worldwide..."
"one of the world's leading developers of anti-virus software..."
"The press release contains forward-looking statements concerning product development efforts by Symantec. There are certain important factors that could cause Symantec's future development efforts to differ materially from those anticipated by some of the statements made above..."
"I'm not a hacker but I know a few..."
"Cyberwoozling is the practice of siphoning data from the user's system whilst they surf the net. Cyberwoozles are generally a combination of cookies and browser side add-in code."
"We have never had a security hole in our products on the magnitude of [the Internet Explorer] security hole... We're less prone to this sort of thing."
"[Let the military inject attackers' computers with] a polymorphic virus that wipes out the system, takes it down for weeks."
"We call it a Trojan virus. Basically, you're downloading a program for a specific purpose, and it's doing something different from what it's supposed to do."
"The virus rumour has been checked by experts in the UK and it has been confirmed that there is currently no 'Irina' virus to guard against and that an email erroneously circulated to a mailing list was at the root of this rumour."
"This is potentially a new classification of virus... [I'm making it my] top priority."
"Although the term 'virus' is used to refer to malicious software code in general..."
Internet users interested in pornography would download the Trojan (described as a graphics image viewer), install it on their computers, and then the scam would begin. The software would quietly hang up the phone and dial a number in Moldova, generating lucrative long-distance charges. The unwitting caller would re-connect to the Internet via a service provider in Canada.
Okay, so we know the software doesn't qualify as a virus or a worm. It's just a generic Trojan horse involving a porno company. Why did this event make the Computer Virus Hysteria Awards? Well, that's where the Mounties and an Internet content-blocking company come in.
Corporal Marc Gosselin (himself a runner-up in the "quotation" category) works in the RCMP computer crime division. He found himself the center of media attention when SexyGirls.com came to light. Gosselin ignored traditional computer crime definitions when he called the software a "Trojan virus."
Now enter Solid Oak Software president Brian Milburn (also a runner-up in the "quotation" category). His company markets software which shields children from pornographic sites. Milburn described the SexyGirls.com scam as "a new classification of virus" and declared his company would make computer viruses its "top priority."
The media latched onto Gosselin's & Milburn's statements with gusto. Reporters never bothered to quote genuine virus experts about the scam; all virus references came from pseudo-experts. This brought it under the auspices of the Computer Virus Hysteria Awards.
By the way, did you notice the questions reporters failed to ask people who got caught up in this Trojan virus international porno scam modem-based con game?
Cassel spread word of the upcoming disaster in The AOL List, a mailing list with a serious editorial slant against America Online. News agencies (both print- and web-based) picked up on it and gave Cassel his obligatory fifteen nanominutes of fame. c|net reporter Janet Kornblum filed an online story saying Cassel considered it a genuine threat.
The alert quickly evolved. Users soon received warnings of a global hacker riot (a sympathetic strike from non-AOL hackers?) coming on Valentine's Day which "may destroy the entire infrastructure" of the Internet according to one hysterical user.
In the end, Valentine's Day left no profound mark on the Internet. According to Cassel, a few hundred wannabee hackers logged onto AOL to argue whether they should destroy AOL. Ironically, their anarchistic plans got bogged down by Robert's Rules of Order. Some childish individuals used well-known parlor tricks to annoy users; otherwise, the day ended as AOL predicted, not as Cassel predicted.
A follow-up story in Wired summed it up in one word: "amateurs." Cassel now rationalizes the event flopped because it "had little to do with hackers." Oh, really? "It was a folk protest... Malcontents gathered [on AOL] to 'voice their angst, their anger and their dissatisfaction' " with the nation's largest online service.
Riding high on Michelangelo's fifth anniversary (itself a runner-up in the "event" category), Symantec issued its press release with a catchy subtitle: "Virus Awareness Month Promotion Includes National Advertising, Retail Demo Days, Product Rebates, Channel Promotions, an Electronic SARC News Update for Customers and SARC News Bureau for Media." (Symantec's "news bureau" is itself a runner-up in the "corporate" category.)
This prestigious promotional event goaded Crypt Newsletter and the Computer Virus Myths home page to proclaim March 'Symantec Awareness Month' (March 1-31 to be specific), which ended quite appropriately on April Fool's Day.
A couple of antivirus vendors jumped on the bandwagon with press releases. Most notable: McAfee Associates (itself the winner in the "corporate" category). They issued a "Michelangelo virus advisory" describing their diligence: "McAfee has made free trial versions of its antivirus software available to the public" (actually, they started offering free trial versions in the late 1980s).
McAfee also "launched a Michelangelo-specific support forum on its web page; extended its customer support hours; added a new high capacity phone line; and implemented a free automated faxback service" for anyone who didn't obtain enough information about Michelangelo in the last five years.
The Associated Press suffered an incredible blow to its reputation in 1992 with its doomsday predictions for the Michelangelo virus. (Reporter Laura Myers is a runner-up in the "journalism" category.) AP's "Today in History" column for 1997 marked Michelangelo's fifth anniversary with a beautifully understated comment:
"Five years ago: Personal computer users braced for a virus known as Michelangelo, set to trigger on March 6, but only scattered cases of lost files were reported."Wired magazine thankfully published a timely analysis showing why Michelangelo lost its impact over the years.
Then again, what really makes this virus so "new"? The Christmas Tree worm of 1987 used the same technique; the Morris Internet worm of 1988 used a roughly similar technique. And remember: ShareFun self-propagates only if you use MS-Mail. Do you use MS-Mail?
Need we say it? Most PCs run one of Microsoft's operating systems -- DOS, Windows 3.x, Windows 95, or Windows NT. Others use IBM's OS/2, Macintosh System 7.5, and so forth. The Bliss virus requires the Linux operating system.
Researchers scratch their heads over the "popularity" of the AOL4FREE chain-letter campaign. You'd think some people would learn by now... Like the Good Times alert, AOL4FREE warnings scream your computer will die if you so much as read an offending message with your eyeballs. Also like Good Times, you can spot an offending message because it contains a key phrase in the subject line. (Many users ironically include the offending phrase in their own warnings when forwarding it to others.)
Even more stunning -- dozens, perhaps hundreds, of users claimed they got hit by the magical AOL4FREE virus. When asked about it, though, these same people confessed they "cleaned up" someone else's alert to make it more presentable. The very first paragraph of the alert says "I got hit by this virus," which of course makes everyone think the sender of the message got hit.
Antivirus companies exposed it as a hoax on their websites in order to quell the worldwide hysteria... Then suddenly U.S. DoE CIAC issued Alert H-47 about a Trojan horse (not a virus) named AOL4FREE.COM. David Crawford maintains CIAC's website and he knew H-47 would throw gasoline on the chain-letter hysteria. However, CIAC had no choice but to issue an alert according to its charter.
Need we say it? The media went positively berserk over Alert H-47. International newswires wrote stories of doom & gloom, web-based newswires wrote front-page virus alerts, and hysterical users quoted the entire H-47 alert in their chain letters.
The original Penpal Greetings alert died down for awhile ... but it came roaring back to life when a variant sprung up. "This information was received this morning from IBM," the new incarnation claimed. Numerous Internet service providers (ISPs) got sucked in by this statement -- we even hotlinked to one ISP's alert, but they took it down soon after the CVHA v2.0 voting began. (Go figure.)
The perpetrator of this hoax used an ancient, well-known trick to spoof recipients' Internet addresses, thus making it look like they sent the message to themselves. This trick convinced many unknowing users of NaughtyRobot's "existence." They in turn launched all the chain-letter warning messages.
Many reporters took the publicity stunt for real -- and someone sent the "alert" via email to friends. It quickly spiraled out of control, turning into a worldwide chain letter.
McAfee-induced hysteria surfaced again last December thanks to a chain letter announcing Friday the 13th -- the day when the Ghost program allegedly wipes out hard disks.
Matra plagiarizes other virus hoaxes including Deeyenda and modem subcarrier. It also spouts key phrases from legitimate alerts to make it sound a little more plausible.
Large corporate players in the antivirus industry distribute "virus alerts" via PRNewswire for a couple of fairly obvious (and profoundly anti-consumer) reasons. First, editors and reporters don't pay much attention to Internet newsgroups which have historically served this function. And if editors & reporters don't pay attention, antivirus companies can't get their names mentioned in news stories.
Second, users learn about legitimate threats to computing via Internet channels but there's no money in the process for corporate antivirus vendors. Other competitors can freely critique & snipe, users can freely spit back at distorted pronouncements, and there's little stimulus to corporate sales to show for it. General warnings distributed through the Internet pick up a lot of debate as extra baggage.
PRNewswire proves a cost-effective way to market a "virus alert." At $500 for every 400 words, company mouthpieces can write whatever they want and ensure it rapidly arrives in the hands of pliant journalists. Lazy editors & reporters rely on PRNewswire for their stories instead of relying on industry contacts.
More often than not, a virus story will erupt as "breaking news" solely because anti-virus companies paid PRNewswire to distribute press releases about it. Two recent examples include the Hare media fiasco of 1996 and the Bliss virus scare (itself a runner-up in the "event" category).
Mason Shoes, a company woefully highlighted in the story, purchased a new computer not long ago and transferred their old software to it as a way to save money. "But the immigrant Cobol [sic] code brought with it a deadly stowaway -- the year 2000 virus," the reporters claim.
Old COBOL programmers apparently came out of retirement to fight the insidious millennium virus. Many of them "now demand annual salaries of $100,000 to $200,000." Such high fees just to fight a virus the world has known about for decades?
According to the story, Mason Shoes "is looking for someone to blame for [their] year 2000 hassles -- the companies that sold [the] hardware, the technicians who installed the applications programs, the itinerant programmers who customized them..." Translation: a worldwide conspiracy surrounds the millennium virus.
Interestingly, Broder & Zuckerman noted an inaccuracy in the name of the dangerous millennium virus -- it triggers in the year 2000 but "the millennium technically does not begin until 2001." They never mentioned the inaccuracy of calling it a virus, though.
And what a story! Writing about the Gulf War Illness controversy (itself a runner-up in the "government" category), Myers implied the missing electronic files and paper documents "were apparently wiped out by a computer virus."
Berlind & Moran wrote a fright-filled report about an obscure flaw in Symantec's Norton Utilities software after McAfee Associates brought it to their attention. McAfee also created a blatant demonstration program showing how to attack computers running Norton Utilities. In return for these favors, Windows Sources posted the demo code on their website for all to see.
Symantec berated Windows Sources for providing McAfee's code to any malicious hacker who wanted it. Product manager Tom Andrus told Associated Press: "we were taken aback that [McAfee] would go to the press, create something akin to a virus and then basically show the world how to do that." Chagrined editors at Windows Sources quietly pulled McAfee's code from their website the next day.
But Windows Sources continues to run the "investigative report" on its website. And they want you to understand the dangerous threat they created when they released the Trojan to evil hackers worldwide. We quote:
There are preventative measures users can take to protect themselves. Following one of these five steps will help protect your system from the effects of the toxic software combination:Option 4 doesn't hold much water -- a third-party developer recently announced an ActiveX plug-in for Netscape. The nomination committee prefers options 2 and 5: you can always throw away your money by throwing away Norton Utilities, or you can simply stop using the Internet. Think of the benefits if you never receive email again!
- Download the patch from Symantec
- Uninstall Norton Utilities
- Disable support for ActiveX-scripting in Internet Explorer
- Switch to a non-ActiveX-based browser such as Netscape's Navigator,
- Stay off the Net.
Actually, option 5 makes sense. Windows Sources reporters can't attack your computer with a Trojan if you choose to stay off the Internet...
Did you know "the virus wreaked havoc in the computer world when it surfaced in 1991"? (Hysteria didn't mount until the beginning of 1992, but let's not digress.) And did you know "the virus [was] probably written by a computer student in Taiwan"? (Um... well, let's not digress.)
McAfee Associates (correct spelling) issued its "ShareFun.A" press release on February 24. Knowing the distance from California to China and dividing by the time lag, the speed of light calculates out to ... roughly 25 feet per second!
Actually, it sounds more like a hardware or software conflict, not a "mysterious virus." Deger then switches gears, claiming computer engineers have looked at various hardware & software conflicts as a possible cause for the CD-ROM problem. The story never mentions anyone actually searching for a mysterious virus...
Rejected votes:
4 employees affiliated with a nomineePlease note: some people failed to vote in all categories.
13 failed to provide a valid Internet address
2 "cemetery" ballots (voted in another's name)
4 duplicate ballots stuffed into the ballot box
12 blank ballots
|
