I am really bugged by the way the media and the Anti-Virus vendors seem to work together to hype virii and sell product and news. The general spinning of facts by the media and the AV vendors lack of initiative to correct errors and exadurations.

The spark for this fire is the new 'Serbian Badman Trojan' that we may hear alot of FUD about in the next few days. As I'm writing this MSNBC and ABCNEWS.com are correcting spelling mistakes on thier site in the first article they have posted on it, that's what happens when your updating at 3:30Am.

Whenever I hear about some new 'Internet killer' virus or the latest 'Worse than melissa' I always think back to Chicken little, screaming his fowl head off that the sky was falling and the world is ending. I always check a few news agencies to see what thier 'Experts' are saying. It's amazing how much of a spin these News agencies put on new technology. (Keep in mind that I'm guessing how the average basic home user, reading these articles would react) Case in point. I heard about this virus while looking for links on another issue. I went over to MSNBC and found an interesting article about a new trojan. I checked it out and found that there was a new tojan going around that someone posted a trojan installer called "MySissy.mpg.exe" or "QuickFlick.mpg.exe" to a naughty newsgroup. The person being interviewed says it is a varient of the Subseven trojan server and that the file the installer was supposed to install is no-longer there. They thought it may be used for DDoS attacks after spying on a chat session between the suspected authors (Encrypted IRC is the only way to fly)

Fair enough. Old dog, new trick. Take a homebrew of SubSeven, just add the '.MPG' extension to the server and windows will change the icon for you to something innocuos and trusted (ie. Movie clip). Varient of an older trojan, installer source cut off, another file of same description already detected, AV companies adding to thier list, only about 2000 hosts infected. Not a big deal when you look at the small amount of hosts (Internet wide speaking), and many of those probobly won't admit where they caught it from either. Nothing to really write home about. Then I looked at CNN.com and ABCNEWS.com

I flip over to ABCNEWS.com and check thier coverage (different interviews, better links, whatever. More info is always good). I see the headline 'Hackers Embed Malicious Program in Home Computers'. I just wanted to hurt someone/thing. ABC put a severly ominous tone over the event, playing off the unfounded fears of DDoS attacks. Again they reference the same company interviewed by MSNBC but fail to make any statements off the start about the fact that this torjan can no-longer be installed in this method because the trojan package can't be found by the installer. When they do mention it, they say that 'But these attacks are likely to continue in the future'. Now to an average user, they would'nt think of other trojans, they would focus only on this one, scaring them that this thing might still be out there.

At one point they say that they have detected over 2,000 computers spread around the world, including: Austria, Greece, Canada, Russia, France and the United States. Anyone who knows the nature of usenet and how a single uploaded file is propigated around usenet knows that that file is easily available around the world. It did'nt take some co-ordinated effort of computer genius's around the world to do this, all they did was make it bait for porn-freaks around the worls and let them do the world for them. In the middle of this article they say that the FBI is meeting with the folks who discovered the trojan about the problems infected computers could have had as DDoS 'zombies'. 2,000 is realativly light compared to things like BO (Back Orifice) installations, and now that the word is out and a mechanism is available to detect it, this particular problem is licked.

Usually I would expect ABCNEWS to go overboard, but not CNN. I was wrong. It got worse.

CNN's coverage starts with the headline 'FBI probes new hacker attack reported by security company'. Oh boy... lotsa FUD staements 'Jerry Harold, president and co-founder of Network Security Technologies, said the program targets computers using high-speed Internet connections, cable modems or corporate networks'. Judging by the name of the file and the fact that it was in porn newsgroups leads me to suspect that many (sick) people downloaded it and ran it, expecting god knows what (I try not to think about it) and finding it does'nt work as they thought. It does'nt seem to specifically target corporations, just porn-freaks. Alot of virii get thier start in newsgroups. Melissa, Happy99, and many others all prey on that slightly sick segment of net society because they know that those shmucks will run anything. Next Fud candidate 'The program has a built-in defense mechanism which often allows it to pass undetected by a virus scanner, Harold said.' Obviously this company's right hand does'nt know what thier left hand is doing, and bad reporting makes it worse. On MSNBC, another top dog of the same company is saying that it was troublesome because AV software did not detect it. I can only assume that he meant 'yet', this is a brand new varient, OF COURSE it's not going to be detected. As of 4:30am local (mountain) time, both Mcafee and Norton have updates that will detect and kill it. So much for the 'Built In defence mechanism'. And again I ask why the FBI are involved in anything more than a briefing, it's a realativly minor occourance. I think someone wants to look good in-case there is a spotlight.

What can we draw from this. One agency picks up a story, says thier piece, and that's it for them. The next agency gets wind of it and wants to put a bigger headline on the main page so they say it's more dastardly than it is and put a bigger scarrier headline up. The third has to outdo the others and goes over the top.

It has been an interesting couple hours writing this (other than the fact that I've been up way to long and I think the walls are shifting color) I've seen my first developing internet Chicken Little. Granted I'm going at this without actually seeing the virus, or the chat logs of the trojan authors, but with the fact presented I think that the news media is going way overboard and the AV vendors are going along for the ride because FUD sells product and sometimes is the product.



Return To Main