Media reports circulating about the threat posed by a Linux worm called Mare.D have been written off as little more than the result of a "slow news week" by one leading antivirus expert.
The stories stemmed from a fairly innocuous warning on F-Secure's blog about the virus, which is targeting open source vulnerabilities that have been known about since last year. The risk of infection is believed to be negligible.
As such, other security companies have told silicon.com they are baffled by the media coverage the worm has attracted.
But even F-Secure is confused as to how a run-of-the-mill blog posting has turned into a news story.
Richard Hales, country manager at F-Secure, told silicon.com: "I don't know why anybody has picked up on this any more than they normally would. Our blog is there for commenting on everything from whether the chips were cold at a conference to reporting the latest variant of a worm. But if it's something serious we'd put out a warning and we'd issue a press release.
"Perhaps because this had 'Linux' in the title it attracted a bit more interest."
Simon Perry, senior VP security strategy at CA, told silicon.com his company isn't even rating the virus.
He said: "It does seem very odd to me to highlight a vector that is a year old and is very likely patched in production systems."
Russ Cooper, senior information security analyst at CyberTrust, went further, suggesting the media is simply trying to "work up a lather among communities which don't normally buy antivirus software". He was referring to the fact that a Linux worm might be seen as more newsworthy even if "there are no reports in the wild".
Cooper added: "It must be a slow news week."
Graham Cluley, senior technology consultant at Sophos, agreed. He confirmed his company had seen no reports of the virus and suggested that novelty factor, rather than genuine threat, may be behind the story.
Cluley told silicon.com: "At the moment, malware for all kinds of non-Microsoft platforms is making the news because of its novelty value, I think. It's important that people who don't use Microsoft Windows realise that attacks do happen on other OSes but it's also important to keep these things in perspective."
He added: "The problem is huge on Windows with 120,000-plus pieces of malware. That figure is humungous compared to Macintosh, Unix and so on."

Comments
1. Paul Sinclair
The big problem with the way this story was picked up and run with is that any reports of the so-called Mare.D worm have included warnings about Mambo, the popular CMS. Strangely, most of the reports also recommended that people upgrade to the patched Mambo version that dealt with a vulnerability that was advised 12 months ago.
The problem with this is two-fold: the damage done to the credibility of Mambo, and the perhaps false sense of security any users may feel if they are still running the year-old version. Security patching is a moving target, always trying to keep ahead of script kiddies, and any users of the old Mambo 4.5.2.1 are exposed to risks that were patched with later versions.
So, the hype about Mare.D may die away, but will people realize that the association of Mambo to it in the reports is out-of-date and completely irrelevant?
2. anonymous
Just want to say that I don't think it is hyped at all .. only people talking about if it is a Linux problem or not .. bla bla bla .. no real info on how to get rid of it .. according to the info I've found it should not affect the version of my installed Mambo and so on .. but still .. I can see a lot of attempts in my Apache log .. and also see the files and processes that are the result of it ..
I've removed the processes .. the files .. and just waiting .. it comes back .. and from different IPs .. so it seems like a lot of servers have it .. very interesting ..
I run Mambo 4.5.2.3 .. and it should not be affected ..
but still .. it infects me time after time
Please hype the solution more, please.