Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Y2K viruses (1999)

CATEGORY: Media flops, media fiascoes

"Y2K virus" hysteria originally started as a misguided description of the Y2K problem itself. In early 1999, fearmongers twisted the idea to sell more computer security software. Y2K experts — under pressure to downplay the original Y2K threat — embraced the fearmongers and spread the "Y2K virus" hysteria as fact.

Fearmongers predicted all sorts of maladies for Y2K viruses. Some would mimic Y2K-related problems; others would terrify users on 1 Jan 2000. In a bizarre twist, the term "Y2K virus" even included viruses written years ago which were not Y2K compliant.

Other fearmongers — most notably FBI NIPC director Michael Vatis and CIA analyst Terrill Maynard — claimed to know for a fact that hackers, spies, and the mafia inserted malicious code in U.S. corporate software while getting paid to "fix" Y2K software anomalies. (Vatis caused a minor international incident when he accused India & Ireland of preparing to attack the U.S.; he later admitted he lacked such evidence.)

Media outlets worldwide fell for Y2K virus hysteria. And it proved a massive journalistic fiasco.

Those who shunned the Y2K virus hysteria included:

Those who embraced the Y2K virus hysteria included:
  • Tiger Security
    • Mathew Bevan
      [Crypt Newsletter reports Bevan was "indicted in England on charges related to network intrusions at the US Air Force's Rome Labs in 1994. While the case against Bevan collapsed in Crown Court and was eventually tossed out, a Manchester Guardian newspaper reported... 'those who have studied the detailed evidence in the case say that [Bevan's] approach was entirely haphazard and (so far as Bevan was concerned) motivated by the belief that a captured alien spacecraft, held secretly at the remote Nevada airbase Area 51 (as featured in last year's film 'Independence Day'), was reality.' "]
      • News story: " 'there is proof the Mafia was backing hackers posing as year 2000 programmers,' said Bevan. 'People will have hacked some machines and no one will know until too late.' "
  • mi2g
    [Computer-naïve reporters adore this firm's unabashed fearmongering.]
    • D.K. Matai
      • Press release: "resetting of a network's internal clocks, through Cyber Attack or special viruses, is a major fear for non-compliant Y2K businesses, as this accelerates the Millennium Bug forward."
      • News story: "in one test, the production line of [an unidentified] major car manufacturer ground to a halt when the clock was rolled forward to January 2000. The robotics systems stopped dead with no way to recover them, said Matai."
  • Corporation 2000
    • Martyn Emery
      • News story: " 'companies could be hit by thousands of [Y2K-specific] viruses. They cannot assume it will be business as normal,' said Martyn Emery... 'It may be that companies will have to disable their e-mail systems for the first seven days of the New Year,' he added."
  • U.S. Government
    • FBI NIPC
      [Officials in India derided FBI for making wild accusations about their country.]
      • Terrill Maynard
        • News story: " 'India and Israel appear to be the countries whose governments or industry may most likely use their access [to non-Y2K compliant U.S. software] to implant malicious code in light of their assessed motive, opportunity, and means.' "
      • Michael Vatis
        • News story: " 'We have some indications that this is happening...' Vatis, interviewed at FBI headquarters, said that so far 'not a great deal' of Y2K-related tampering had turned up. 'But that's largely because, No. 1, we're really dependent on private companies to tell us if they're seeing malicious code being implanted in their systems.' "
        • News story: " 'In some instances, it may not be immediately apparent whether a service outage is the result of the 'millennium bug' or a computer intrusion,' [Vatis] told a Senate panel... The FBI 'expects to see increased and possibly violent activities among certain domestic groups related to the millennium,' he testified."
    • White House National Security Council
      • Mark Montgomery
        • News story: " 'We expect an increased level of malicious activity during the Y2K rollover,' said Mark Montgomery... 'We think that some people may feel that we'll be distracted by minor infrastructure failures that may occur,' he added."
  • GartnerGroup
    • Lou Marcoccio
      • News story: "More than 30,000 threats from computer hackers and virus writers who say they will release new viruses to herald the new year and the new millennium have been logged by the FBI and other law enforcement groups, Lou Marcoccio, worldwide research director at the technology consulting firm Gartner Group said. 'Most of these threats will probably amount to nothing,' Marcoccio told Reuters after addressing a community banking industry convention in Orlando. 'But if just five or 10 viruses are released at the same time, that would overwhelm the ability of ... companies that produce the fixes. It could cause substantial productivity losses.' "
  • Science Applications International Corp. (SAIC)
    • Constance Fortune
      • News story: " 'You need people who recognize the signs of [a Y2K] attack, and who are trained to shut down the system as soon as possible when it hits,' said Fortune... 'We're already seeing lots of (Y2K hacker) postings.' "
      • News story: "Those who create viruses, worms and other destructive computer phenomena have found ways to take advantage of the Y2K problem."
  • Finjan
    [Earlier this year, Finjan labeled Microsoft Excel "probably the biggest security hole in Internet history." Years of problems with Word macro viruses pale when compared to a theoretical threat in Excel...]
    • Bill Lyons
      • News story: "January 1 could be the launch day for a major virus epidemic according to President and CEO of Finjan Anti-Virus, Bill Lyons. Lyons last week told ZDNet that warnings about the danger of virus attacks designed to coincide with the Y2K bug have by no means been exaggerated. He considers the danger of a millennium virus outbreak to be almost greater than the Y2K bug itself. 'Everybody who has looked into it and tried to tackle the area seems to think there's going to be an onslaught,' he said. 'With everybody focusing on the Y2K count, I think some people are going to think 'hey, this is a great time for me to get some exposure.' Lyons cautioned companies not to drop their guard against infected e-greetings and other malicious attacks this New Year as they focus on Y2K issues. 'We are predicting an explosion of these this year and when you have one harmless executable you can quite easily merge that with a malicious executable.' "
  • Network Associates
    (Their website trumpets special "millennium anti-virus initiatives" to save the world from deadly "Y2K virus attacks." They will even offer a fee-based "Millennium Support Program which will provide 24x7 Enterprise support ... from December 25, 1999 to January 7, 1999.")
    • Sal Viveros
      • News story: " 'we've actually already seen postings on some of the Usenet [chat] groups [for virus writers and hackers] where they are discussing how to use Y2K to 'hose' systems,' said Sal Viveros."
      • News story: " 'It's a time when everyone's worried there's going to be system failures, so that would be the perfect time for virus writers to be writing these,' said Sal Viveros... Y2K viruses have caused little damage and don't appear to be out 'in the wild.' But that could change, said Viveros... In December, the time will be ripe for Y2K virus writers, Viveros said... 'The vehicles to spread the virus and the notoriety play right into the virus writers' mentality,' Viveros said. 'When people come in to work on January 3 and their computer doesn't boot up, the first thing they're going to think was they had a system failure.' "
    • Allison Taylor
      • News story: "be on the lookout for viruses that may try to mimic the damage expected to occur as a result of year-2000 problems, and therefore be missed by IT managers. 'Don't let yourself be fooled,' said Allison Taylor... 'It's important that [IT managers] are familiar with their networks. Be on the lookout for something that is out of the routine.' "
  • Computer Associates
    • Reyland Villacastin
      • News story: "[Villacastin] noted that some of the new breed of viruses are now harder to detect since they now mimic the Y2K problem. 'There are certain so-called Y2K viruses that act like the Y2K bug but are not necessarily a Y2K problem,' Villacastin said. Although he was not able to cite how many of these bugs are now 'out in the wild,' he said that these bugs do exist... 'Y2K viruses are as destructive as the Y2K problem. Right now we don't have a lot of documentation of these type of viruses,' he admitted."
  • Symantec
    • Carey Nachenberg
      • News story: " 'it's possible that we could see 200,000 viruses around Y2K,' said Carey Nachenberg... 'We will see a large number of viruses that will do something on January 1.' "

Last updated: 2001/1/13