Kaspersky spammed several journalists with this press release. Several of them followed the Attrition mirror and send it on asking about their findings. I felt I had to reply to them.
From: security curmudgeon (firstname.lastname@example.org) To: email@example.com, firstname.lastname@example.org Cc: errata submission (email@example.com) Date: Thu, 25 Jan 2001 08:51:36 -0700 (MST) Subject: FW: [Kaspersky Lab Press Release] The world's first Linux Internet-worm has been reported "in-the-wild"! (fwd) |From: Denis Zenkin [mailto:firstname.lastname@example.org] |Sent: Thursday, January 25, 2001 9:05 AM |Subject: [Kaspersky Lab Press Release] The world's first Linux |Internet-worm has been reported "in-the-wild"! | |25 January 2001 | |Ramen Has Broken Free! |The world's first Linux Internet-worm has been reported "in-the-wild" | |Moscow, Russia, January 25, 2001 - Kaspersky Lab, an international |data-security software-development company, warns users about the real |threat posed by the Ramen Internet-worm. According to recent reports, the |worm has already caused several incidents of Web sites in |different parts of [snip..] |During the past several days, Kaspersky Lab has received confirmation of |Ramen penetrating into several corporate networks. Among them are the |National Aeronautics and Space Administration (NASA), Texas A&M University, |and Taiwan-based computer hardware manufacturer Supermicro. These |organizations' Web sites have been attacked by a worm causing the |Web sites' I'm so glad we have honorable companies such as yours watching out for the poor uneducated masses out here. I wonder though, would it really have been that difficult to at least credit where this information came from? Checking the Attrition mirror, I can't see any other way that Kaspersky found out about the intrusions above, especially given the date of this release compared to the dates Attrition posted these defacements: [01.01.21] Li [RameN Crew] Siam Stove (www.siamstove.com) [01.01.18] Lr [RameN Crew (worm)] Texas A&M Triton Server (triton.tamu.edu) [01.01.17] Lr [Ramen Crew] Super Micro (www.supermicro.com.tw) [01.01.15] Lr [RameN Crew] NASA (uta7400.jpl.nasa.gov) So Kaspersky just happened to have heard about Texas A&M, Super Micro and an incredibly obscure NASA JPL machine.. which we reported on over a week ago? I doubt it. And your release says you just received confirmation in the last few days, yet this was posted on Jan 25. If you AREN'T getting your information from us (heh), then perhaps you should. We verified one of these *ten days ago*. In the future, please have the decency to give credit where due. Attrition is a non profit hobby site. We do not compete with you in any fashion, and it would not hurt your business to credit us. In fact, it would very likely help your reputation as a company with dignity and honesty. |"The discovery of the Ramen worm 'in-the-wild' is a very significant moment |in computer history. Previously considered as an absolutely secured |operating system, Linux now has become yet another victim to computer |malware," said Denis Zenkin, Head of Corporate Communications for Kaspersky I'd also love to see one non-Kaspersky quote from any legitimate person in the industry saying that Linux was EVER considered "an absolutely secured operating system". I've never heard of such a thing. |Media Contacts | |Denis Zenkin |E-mail: email@example.com | |Sara Claridge |E-mail firstname.lastname@example.org