Security - Media View vs. Real World

Security - Media View vs. Real World

Security issues tend to come and go with unnerving regularity.  The media talks about some huge security issue today, in a few days a patch is released and by the end of the week it's all forgotten about and the media are onto the next thing.

This is security from the viewpoint from "media land", where the goal is to cover the topic de jour and then move onto the next thing.  In the real world things are very different.  Let me give you an example.

Towards the end of January 2006 a new email threat came onto the scene called the Kama Sutra worm (you might know this by one of the many other names it goes by, such as Nyxem.e, MyWife.d, Grew.a, or Blackmal.e).  This is a nasty piece of work that installs itself on systems and is then triggered to delete a variety of files on a trigger date which is at the start of every month.

The coverage timeline went something like this (I'm doing this partly from memory but also based on posts I made over on my PC Doctor blog at the time):

From this point on interest in this particular piece of malware waned and the media moved on to the "Next New Thing".  

Problem is, this isn't the end of the story.  This nasty piece of malware triggers at the beginning of every month and overwrites files (in particular Word and Excel files).  When these files are then run, all the user sees is this message:

DATA Error [47 0F 94 93 F4 K5]

I've been fortunate to occupy the top spot on Google for this search term pretty much continuously since the story broke and this has allowed me to track searches based on this search term.  Based on this one thing is clear - copies of this are still triggering monthly and I see a search spike every month of several thousand users a day for a few ways (I also get an inbox full of email from those affected looking for a magic fix for the deleted files - ).  Even though the Kama Sutra worm is not talked about in the media any more, it's still hitting users, and hitting them hard.

The point I'm trying to make is this - just because the media has forgotten something doesn't mean that it's gone away.  Vendors can patch vulnerabilities and every anti-virus product out there can be up to speed on the matter but that doesn't mean that everyone's magically protected.  Malware, in particular worms and viruses, can have a very long lifespan indeed.  I'll continue to track the Kama Sutra work and give you an update on whether I'm still seeing hits based on this in a few months.

The moral of the story, if it can be called that, is this.  The media carries out a vital service when it comes to spreading the word about new security issues and vulnerabilities, but the effect is short-lived and people who haven't patched their PCs or installed proper security tools are on their own.

Adrian Kingsley-Hughes
Last updated: May 4th 2006
Print This Page   |   Email me when this page changes    |  Search This Site System Scanner does the work for you!

Contact Us