Truth About Computer Security Hysteria
Nimda virus/worm (September 2001 hysteria)
CATEGORY: Misconceptions about genuine threatsCategory: misconceptions about genuine threats
U.S. attorney general John Ashcroft took time out from his daily terrorism press conference on 18 September 2001 to warn of a horrifying new Nimda virus/worm. Ashcroft's warning aired live on CNN. He declared ignorance and gave reporters no details, except to imply terrorists might not be behind the deadly über-virus.
A Newsbytes story claims "a powerful coalition of U.S. government and industry groups contemplated advising citizens to stay off the Internet completely to avoid being infected by Nimda." This idea is as absurd now as it was in 1999 when it first became fashionable. (Read our opinion of "precautionary disconnects.")
Antivirus firms sprang into action on 18 September with press releases (aka "media advisories") and email alerts to warn of Nimda's potential for destruction — and to brag how their software could detect & eradicate this new threat. Most, if not all, major antivirus firms used typical terms like "high risk," "fast spreading," and so on to describe the pending cyber-catastrophe. Network Associates mouthpiece Vincent Gullotto claimed Nimda had already "taken down entire sites. I can't even get to the Internet right now," he moaned to an Associated Press reporter. Security firm ISS hysterically described it as "Code Red on steroids."
Watch for more experts & non-experts alike to claim "Nimda will put the Code Red worm to shame." (You DO remember the Code Red worm, don't you?)
Antivirus firms did not fully agree on Nimda's capabilities for roughly a day after its discovery. Experts needed time to analyze its code — but public relations couldn't wait for accuracy. Some antivirus firms posted mediocre/ambiguous details on their sites just so clients & reporters could read something. Some of the initial media reports (particularly a CNN story) contained inaccurate details for this reason.
Vmyths predicts antivirus firms will ride on Nimda's coattails in an effort to receive free publicity — and in an all-out effort to return some value to their stock prices. Computer security stocks often rise in proportion to global hysteria. (ZDNN reporter Robert Lemos highlighted this fact in a story today.)
Many reporters speculated on a possible link between Nimda and last week's terrorism. Vmyths predicted the media would quickly drop this theory — because no security expert so far seems intrigued by it. Reporters later abandoned this coincidence.
Michael Erbschloe (Computer Economics Inc.) claims Nimda already caused $530.65 million in damages — an absurdly accurate worldwide guesstimate. Remember this: Congress diverted $40 billion to help recover from last week's terrorist attacks, and the Federal Reserve unleashed nearly $200 billion to shore up the U.S. economy. Vmyths does not expect governments to allocate one penny to help recovery efforts associated with Nimda.
Obviously, we predict hysterical Internet users will clog email servers when they forward virus alerts to everyone they know. Vmyths set up a special email address so you can forward chain-letter virus alerts to us. Your effort will help us detect changing trends in virus hysteria. Please forward the verbatim chain letter to HoaxFYI@Vmyths.com. Emails sent to this account will remain strictly confidential (we promise not to tattle on your boss if he got duped).
Obtain expert virus advice directly from virus experts. Stay calm. Stay reasoned. And stay tuned to Vmyths.
Last updated: 2001/9/20