Truth About Computer Security Hysteria

Irony, humor, politics, and back-stabbing

Rob Rosenberger, Vmyths co-founder
Friday, 25 June 1999

COMPANIES LOVE TO ride on the coattails of a popular news event like ExploreZip. Irony, humor, politics, back-stabbing ... what more could you ask for? You'll find some interesting names affiliated with it:

  1. Press releases from Symantec and Ontrack each announced the "first" utility to deal with ExploreZip.
  2. An Executive Software press release touted a free utility to easily recover files deleted by ExploreZip. A Symantec press release claimed Norton Utilities can easily recover files deleted by ExploreZip. Ontrack warned users in a press release to avoid competitors' utilities: "Ontrack experts have discovered aspects of the virus that make it nearly impossible to correct with standard utility programs and cautions users against trying them."
  3. FBI NIPC (the "long arm of the cyber-law") picked up a lot of media exposure by launching another manhunt. Some trails lead to Israel, and NIPC didn't extradite Chernobyl's author, so we should assume they won't extradite ExploreZip's author.

  4. CERT continued its recent PR campaign, picking up valuable media exposure as a result of ExploreZip. A persistent rumor says CERT went on this publicity tour after growing jealous of CIAC's widespread popularity.
  5. ATL Products issued a press release saying ExploreZip "highlighted the need for global companies to incorporate virus protection strategies" for every critical system. They then admitted their own failure to incorporate virus protection strategies for every critical system. "ATL Products successfully put its own disaster recovery practices to use as a result of this worm virus that affected some of the company's important business data..."
  6. Sun Tzu Security popped out of the woodwork with a "security advisory" press release. Oddly, it appears they last updated their website on 12/1/98.
  7. A press release from Reflex Magnetics "blames the anti-virus industry for the rapid spread of Worm.ExploreZip."
  8. KVLabs hailed their enterprise management software as an ExploreZip deterrent. The press release urged reporters to "forward this note to others and tell them about KVLabs!"
  9. A press release from Staples.com touted a $5 discount for Norton AntiVirus, plus free 2-3 day ground shipping to combat the fast-spreading critter. "We're helping our customers slash the hassle and the worry of running their offices," SrVP Jeff Levitan said.
  10. Beyond.com issued a press release telling reporters they provide links to other websites.
  11. PC Connection issued a press release (with a misleading headline) telling reporters they provide links to other websites.
  12. United Messaging (an email outsource provider) announced "Stephen Layne, 'Mr. Postmaster General of E-mail,' is available for interviews and comment regarding the 'Worm.Explore.Zip' e-mail virus reported June 10, 1999, and other e-mail viruses that have cropped up recently. He is an industry expert on how e-mail viruses are developed, how they spread, the harm they cause, and the safety precautions necessary to avoid virus-related problems." DejaNews archives turned up zero references to him and his company.

  13. Control Data (another email outsource provider) hailed a software patch to detect ExploreZip. VP Robert Booker praised his team's ability to respond to virus threats after the fact.
  14. Electric Mail (another email outsource provider) announced they can detect ExploreZip. More accurately, they updated their antivirus software after the fact to detect it.
  15. Allegro (another email outsource provider) trumpeted their resistance to ExploreZip. Oddly, Allegro called ExploreZip a "macro virus", said it travels as "an infected Microsoft Word document," and claimed it deletes "drives C through Z."
  16. An "advisory" press release from Internet Security Systems claims ExploreZip descended from Melissa.
  17. A DriveSavers press release announced discounts for ExploreZip-related data recovery services.
  18. Jobs.com issued a press release touting the safety of their résumé forwarding service. "Jobs.com, Inc. holds the only solution that guarantees resumes delivered over the Internet will arrive at an employer's desktop 100 percent virus-free." The solution: "proprietary technology." Oddly, Jobs.com didn't guarantee the safety of the proprietary software you must download...

ATL Products offered some of the best irony with their "do as I say, not as I do" press release.

The FBI manhunt for ExploreZip's author raises an important question: "why go on a manhunt in the first place if you won't extradite suspects?" Indeed, even U.S. virus writers seem immune from prosecution. Remember the man accused of writing Melissa? Everybody jumped on David Smith's coattails at the time of his arrest, yet he remains free on bail and politicians no longer care to discuss the matter.[1] It looks like FBI NIPC just wants to play 'tag' with virus writers for publicity reasons.

A special note to Andy Campbell at Reflex Magnetics: antivirus software did contribute to the spread of Melissa, Chernobyl, and ExploreZip — but you blamed the wrong people for it. More than a decade ago, naïve journalists started recommending signature-based products even though they knew nothing of computer security. Profile-based scanning withered on the vine because reviewers convinced readers to use crippled detection methodologies. Major antivirus vendors focused on signature-based scanning in order to stay alive. You want to save the world, Andy? Blame the media for misleading computer security experts and consumers alike.

Speaking of the press... a few more tidbits:

  1. Media reports don't agree on ExploreZip's payload. Some say it will wipe out almost all files on a PC. Others say it attacks Word documents. Some say it attacks software source code files in addition to Microsoft Office documents. Some claim it deletes files stored on networks. A few say it deletes email.
  2. A press release from ZDNews (part of the Ziff-Davis publishing empire) promoted "reporters and columnists" who would gladly talk to other reporters and columnists about ExploreZip.
  3. Newsbytes reporter Craig Menefee said ExploreZip "had been reported on every continent but Antarctica." This means at least six computer users reported the virus.

    ZDNews distributed the phone numbers of reporters willing to talk to other reporters about ExploreZip.

  4. Thirteen days after ExploreZip struck, the Xinhua news agency reported "China's leading antivirus company ... issued new software containing an antidote to the new worm virus that swept through the Internet early this month." [Yeah, like I should talk. I spent 15 days compiling these tidbits.]
  5. Reuters reporter Dick Satran released a newswire v1.1 with the following upgrade notice: "recasts lead, adds new countries hit, comments from companies."
  6. The first sentence of a CMP story warned "a new worm spreading across the Net could make the Melissa virus look benign."
  7. Newsbytes reporter Steve Gold penned a story titled "Preventing Future Worm.ExploreZip Debacles." It reads like an advertisement for Reflex Magnetics.

In theory, ZDNews promoted their reporters as, say, "meta-experts" who talk to real experts and know the lingo. If nothing else, they would serve as a liaison or translator for the mainstream media. Realistically, though, ZDNews highlighted the stupidity of reporters quoting reporters.

Some ExploreZip anecdotes:

  1. During Microsoft's antitrust trial, judge Thomas Penfield Jackson asked expert witness Edward Felten if a browser increases the chance for a computer virus infection. AP quoted His Honor as saying "it seems self-evident to me that the presence of a browser increases the risk of penetration of a virus."
  2. The Australian Taxation Office didn't succumb to ExploreZip. It seems they disconnected from the Internet for 3-5 days as a precaution when they detected a Melissa variant. ATO possibly chose to remain disconnected as a precaution when the media went berserk over ExploreZip during their outage. Mind you, the down-under bean counters have a history of showing respect to 14yr-old virus writers.
  3. During testimony before a Senate panel, Microsoft chairman Bill Gates said "we need to design our systems to be far more resilient to these types of virus attacks."

Judge Jackson's statement concerns me just a little. Let's suppose his eventual ruling references this "self-evident" virus threat. I don't consider myself a legal scholar, but it seems "self-evident" it would cast a wrench into the legal liability of bundling any browser with Linux, Unix, MacOS, MVS, GCOS...