OVERBLOWN: "Y2K viruses" Computer security firms now warn of deadly "Y2K viruses." In some cases, these horrible creations will mimic Y2K-related problems. In other cases, they will terrify users on 1 Jan 2000. In still other cases, old viruses written years ago might not be Y2K compliant. In still other cases, hackers surreptitiously insert malicious code while getting paid to "fix" Y2K software anomalies. This hysteria plays on your original media-inspired fear of the Y2K problem. Why call it overblown? First, if someone writes a virus with a trigger date of 1/1/2000, antivirus firms will quickly update their products to detect it. If someone writes a virus which mimics Y2K-related problems, antivirus firms will quickly update their products to detect it. Even if someone writes a virus which does nothing at all, antivirus firms will quickly update their products to detect it. If an old virus proves non-Y2K compliant, antivirus firms will already detect it with no updates needed. Second, you've probably heard the urban legends -- a steel company destroyed an entire plant during a Y2K dry run, for example, and a food company lost a warehouse of produce to a Y2K anomaly. Can you name those companies? One fearmonger (see below) warns of Mafia influence at Y2K solution provider companies. Can you name any of those companies? Why not?

Companies, government agencies, and individuals have already reset computer clocks to test for Y2K problems. The world now demands Y2K compliance from every product they buy. If a "Y2K virus" sets your computer clock to 1/1/2000, it will only advance it by a few months. This should make us frightened? Remember: Y2K itself will set your clock to 1/1/2000 on New Year's Day.

The media calls each of these events a "cyber war." What word will they trivialize when something worse comes along? Perhaps "cyber genocide" or "cyber holocaust"? Australia vs. Australia! USA vs. Australia [top secret] vs. USA India vs. Pakistan China vs. Taiwan East Timor vs. Indonesia (declared, then postponed) a related cyber war: Indonesia vs. Ireland Other recent "cyber wars" USA vs. Yugoslavia Serbia vs. NATO China vs. NATO China vs. Canada Third, if |ber-hackers and |ber-viruses will exploit Y2K problems, we can assume they'll exploit unknown Y2K issues. Why don't these guys make big bucks as |ber-Y2K experts? They must know a lot more about Y2K problems than the Y2K solution providers!

Those who don't buy into "Y2K virus" predictions Data Fellows (antivirus firm) Sophos (antivirus firm) Forbes Sr. Editor Adam Penenberg Crypt Newsletter Computer Virus Myths home page Those who do buy into "Y2K virus" predictions Tiger Security Mathew Bevan [Crypt Newsletter reports Bevan was "indicted in England on charges related to network intrusions at the US Air Force's Rome Labs in 1994. While the case against Bevan collapsed in Crown Court and was eventually tossed out, a Manchester Guardian newspaper reported... 'those who have studied the detailed evidence in the case say that [Bevan's] approach was entirely haphazard and (so far as Bevan was concerned) motivated by the belief that a captured alien spacecraft, held secretly at the remote Nevada airbase Area 51 (as featured in last year's film 'Independence Day'), was reality.' "] News story: " 'there is proof the Mafia was backing hackers posing as year 2000 programmers,' said Bevan. 'People will have hacked some machines and no one will know until too late.' " mi2g [Computer-naove reporters adore this firm's unabashed fearmongering.] D.K. Matai Press release: "resetting of a network's internal clocks, through Cyber Attack or special viruses, is a major fear for non-compliant Y2K businesses, as this accelerates the Millennium Bug forward." News story: "in one test, the production line of [an unidentified] major car manufacturer ground to a halt when the clock was rolled forward to January 2000. The robotics systems stopped dead with no way to recover them, said Matai." Corporation 2000 Martyn Emery News story: " 'companies could be hit by thousands of [Y2K-specific] viruses. They cannot assume it will be business as normal,' said Martyn Emery... 'It may be that companies will have to disable their e-mail systems for the first seven days of the New Year,' he added." U.S. Government FBI NIPC [Officials in India derided the FBI for making wild accusations about their country.] Terrill Maynard News story: " 'India and Israel appear to be the countries whose governments or industry may most likely use their access [to non-Y2K compliant U.S. software] to implant malicious code in light of their assessed motive, opportunity, and means.' " Michael Vatis News story: " 'We have some indications that this is happening...' Vatis, interviewed at FBI headquarters, said that so far 'not a great deal' of Y2K-related tampering had turned up. 'But that's largely because, No. 1, we're really dependent on private companies to tell us if they're seeing malicious code being implanted in their systems.' " News story: " 'In some instances, it may not be immediately apparent whether a service outage is the result of the 'millennium bug' or a computer intrusion,' [Vatis] told a Senate panel... The FBI 'expects to see increased and possibly violent activities among certain domestic groups related to the millennium,' he testified." White House National Security Council Mark Montgomery News story: " 'We expect an increased level of malicious activity during the Y2K rollover,' said Mark Montgomery... 'We think that some people may feel that we'll be distracted by minor infrastructure failures that may occur,' he added." GartnerGroup

Lou Marcoccio News story: "More than 30,000 threats from computer hackers and virus writers who say they will release new viruses to herald the new year and the new millennium have been logged by the FBI and other law enforcement groups, Lou Marcoccio, worldwide research director at the technology consulting firm Gartner Group said. 'Most of these threats will probably amount to nothing,' Marcoccio told Reuters after addressing a community banking industry convention in Orlando. 'But if just five or 10 viruses are released at the same time, that would overwhelm the ability of ... companies that produce the fixes. It could cause substantial productivity losses.' " Science Applications International Corp. (SAIC) Constance Fortune News story: " 'You need people who recognize the signs of [a Y2K] attack, and who are trained to shut down the system as soon as possible when it hits,' said Fortune... 'We're already seeing lots of (Y2K hacker) postings.' " News story: "Those who create viruses, worms and other destructive computer phenomena have found ways to take advantage of the Y2K problem." Finjan [Earlier this year, Finjan labeled Microsoft Excel "probably the biggest security hole in Internet history." Years of problems with Word macro viruses pale when compared to a theoretical threat in Excel...] Bill Lyons News story: "January 1 could be the launch day for a major virus epidemic according to President and CEO of Finjan Anti-Virus, Bill Lyons. Lyons last week told ZDNet that warnings about the danger of virus attacks designed to coincide with the Y2K bug have by no means been exaggerated. He considers the danger of a millennium virus outbreak to be almost greater than the Y2K bug itself. 'Everybody who has looked into it and tried to tackle the area seems to think there's going to be an onslaught,' he said. 'With everybody focusing on the Y2K count, I think some people are going to think 'hey, this is a great time for me to get some exposure.' Lyons cautioned companies not to drop their guard against infected e-greetings and other malicious attacks this New Year as they focus on Y2K issues. 'We are predicting an explosion of these this year and when you have one harmless executable you can quite easily merge that with a malicious executable.' " Network Associates (Their website trumpets special "millennium anti-virus initiatives" to save the world from deadly "Y2K virus attacks." They will even offer a fee-based "Millennium Support Program which will provide 24x7 Enterprise support ... from December 25, 1999 to January 7, 1999.") Sal Viveros News story: " 'we've actually already seen postings on some of the Usenet [chat] groups [for virus writers and hackers] where they are discussing how to use Y2K to 'hose' systems,' said Sal Viveros." News story: " 'It's a time when everyone's worried there's going to be system failures, so that would be the perfect time for virus writers to be writing these,' said Sal Viveros... Y2K viruses have caused little damage and don't appear to be out 'in the wild.' But that could change, said Viveros... In December, the time will be ripe for Y2K virus writers, Viveros said... 'The vehicles to spread the virus and the notoriety play right into the virus writers' mentality,' Viveros said. 'When people come in to work on January 3 and their computer doesn't boot up, the first thing they're going to think was they had a system failure.' " Allison Taylor News story: "be on the lookout for viruses that may try to mimic the damage expected to occur as a result of year-2000 problems, and therefore be missed by IT managers. 'Don't let yourself be fooled,' said Allison Taylor... 'It's important that [IT managers] are familiar with their networks. Be on the lookout for something that is out of the routine.' " Computer Associates Reyland Villacastin News story: "[Villacastin] noted that some of the new breed of viruses are now harder to detect since they now mimic the Y2K problem. 'There are certain so-called Y2K viruses that act like the Y2K bug but are not necessarily a Y2K problem,' Villacastin said. Although he was not able to cite how many of these bugs are now 'out in the wild,' he said that these bugs do exist... 'Y2K viruses are as destructive as the Y2K problem. Right now we don't have a lot of documentation of these type of viruses,' he admitted." Symantec Carey Nachenberg News story: " 'it's possible that we could see 200,000 viruses around Y2K,' said Carey Nachenberg... 'We will see a large number of viruses that will do something on January 1.' "

http://cknow.com/kumite.htm

-- The Truth behind Y2K (rumor@lies.deception), December 22, 1999

Answers

That format sucks, just go and see the website.

-- (rumors@lies.deception), December 22, 1999.

Anonymous:

Are you spamming again. You're posting this same shit over on Debunking Y2K. Whats wrong, is that forum getting to boring for you or are you getting sick of cpr relying on the crystal ball he has stuck up his ass?

-- troll alert (trollssuck@here.everywhere), December 22, 1999.

Is there something wrong with posting two messages to the forum? Or is it the message you take objection to?

And why do you always treat these threads the same way ("delete delete delete") even though it's a good thread.

Just respond to the thread's content, or skip if it you have nothing to say. Is that so hard?

-- (rumors@lies.deceptioon), December 22, 1999.

Or better yet, go see the website I refered to. It's a good site. and it might help some people understand virri and myths that surround them.

-- (rumors@lies.deception), December 22, 1999.

I agree with the gist of the article.

However you can't necessarily preprotect a computer from a newly written virus. That is the only part of the concern that really isn't addressed here.

Generally the virus threat is way overblown just as cyberwarfare is. The larger threat is the FOF attitude that will probably do us in by death from a thousand cuts.

-- LM (latemarch@usa.net), December 22, 1999.

Oh, I see. We should show kindness and understanding to the information you so generously supply to this forum. BUT, let information be posted on Debunking Y2K and it becomes "doomer zombie rambling".

-- troll alert (trollssuck@here.everywhere), December 22, 1999.

troll@alert,

I'm not going to get into an argument with you about what goes on in either forum. I posted this to both places because I feel it's pertinent, and I wanted to get the responses from both groups. I'm into this stuff and if nothing else it interests me what people have to say about this topic. Okay??

If you hadn't noticed it's you who is ruining yet another perfectly good thread, so it's you who is the troll.

Go check out http://cknow.com/ckhome.htm. I find it to be a most interesting site with lots of good links. Read through it and make up your own mind.

-- TheTruth behind Y2K (rumors@lies.deception), December 22, 1999.

Who's been peaking up cpr's butt???

-- whats (up@cpr.butt), December 22, 1999.

Dear 'Truth behind Y2K' " The world now demands Y2K compliance from every product they buy" immediately disqualifies this piece from consideration. More overspun drivel from the terminally ignorant. Read a little son, you might learn something.

-- Get Real (gaf@mindspring.com), December 22, 1999.

Disqualifies it?

Just what does that mean?

-- (rumors@lies.deception), December 22, 1999.

What it means 'Truth' is that the statement is so patently absurd on its face that if the rest of the text made the case for the sun coming up tomorrow morning I'd bet against it. 'The world'? You are obviously painfully uninformed about the situation in South America, Mexico, Southeast Asia, Central Europe, China and other areas too numerous to mention. Play in another sandbox.

-- Get Real (gaf@mindspring.com), December 22, 1999.

You take one statement, and then disqualify the rest of the article because you don't completely agree with that one statement?

I mean, there is ALOT more to this piece then just whether or not the world demands Y2K compliance from every product. Maybe it's not the most accurate thing to say. But then again maybe it is. It's so general how can you possible have a problem with it? It's like saying the entire world likes the color blue. How can you argue with that? And WHY did you take this one sentence out of the entire two page article to nitpick???

And go play in another sanbox??? Calling me "son"...

The more I hear from you people on this forum the more it solidifies my opinion that Y2K is just completely overblown (the REAL subject behind this article). Now how about YOU go back and re-read this article. Or maybe read it for the first time if that is the case.

-- (rumors@lies.deception), December 22, 1999.