Kaspersky spammed several journalists with this press release. Several of them followed the Attrition mirror and send it on asking about their findings. I felt I had to reply to them.

From: security curmudgeon (jericho@attrition.org)
To: denis@kaspersky.com, sara@marylebone.co.uk
Cc: errata submission (errata@attrition.org)
Date: Thu, 25 Jan 2001 08:51:36 -0700 (MST)
Subject: FW: [Kaspersky Lab Press Release] The world's first Linux 
Internet-worm has been reported "in-the-wild"! (fwd)

|From: Denis Zenkin [mailto:denis@kaspersky.com]
|Sent: Thursday, January 25, 2001 9:05 AM
|Subject: [Kaspersky Lab Press Release] The world's first Linux
|Internet-worm has been reported "in-the-wild"!
|25 January 2001
|Ramen Has Broken Free!
|The world's first Linux Internet-worm has been reported "in-the-wild"
|Moscow, Russia, January 25, 2001 - Kaspersky Lab, an international
|data-security software-development company, warns users about the real
|threat posed by the Ramen Internet-worm. According to recent reports, the
|worm has already caused several incidents of Web sites in
|different parts of


|During the past several days, Kaspersky Lab has received confirmation of
|Ramen penetrating into several corporate networks. Among them are the
|National Aeronautics and Space Administration (NASA), Texas A&M University,
|and Taiwan-based computer hardware manufacturer Supermicro. These
|organizations' Web sites have been attacked by a worm causing the
|Web sites'

I'm so glad we have honorable companies such as yours watching out for the
poor uneducated masses out here. I wonder though, would it really have
been that difficult to at least credit where this information came from?
Checking the Attrition mirror, I can't see any other way that Kaspersky
found out about the intrusions above, especially given the date of this
release compared to the dates Attrition posted these defacements:

[01.01.21] Li [RameN Crew]          Siam Stove (www.siamstove.com)
[01.01.18] Lr [RameN Crew (worm)]   Texas A&M Triton Server (triton.tamu.edu)
[01.01.17] Lr [Ramen Crew]          Super Micro (www.supermicro.com.tw)
[01.01.15] Lr [RameN Crew]          NASA (uta7400.jpl.nasa.gov)

So Kaspersky just happened to have heard about Texas A&M, Super Micro and
an incredibly obscure NASA JPL machine.. which we reported on over a week
ago? I doubt it. And your release says you just received confirmation in
the last few days, yet this was posted on Jan 25. If you AREN'T getting
your information from us (heh), then perhaps you should. We verified one
of these *ten days ago*.

In the future, please have the decency to give credit where due. Attrition
is a non profit hobby site. We do not compete with you in any fashion, and
it would not hurt your business to credit us. In fact, it would very
likely help your reputation as a company with dignity and honesty. 
|"The discovery of the Ramen worm 'in-the-wild' is a very significant moment
|in computer history. Previously considered as an absolutely secured
|operating system, Linux now has become yet another victim to computer
|malware," said Denis Zenkin, Head of Corporate Communications for Kaspersky

I'd also love to see one non-Kaspersky quote from any legitimate person in
the industry saying that Linux was EVER considered "an absolutely secured
operating system". I've never heard of such a thing.

|Media Contacts
|Denis Zenkin
|E-mail: denis@kaspersky.com
|Sara Claridge
|E-mail sara@marylebone.co.uk

main page ATTRITION feedback