CodeRed, the Media, and people

["E. Larry Lidz" <ellidz () eridu uchicago edu>]

As a security person at a University, I've been dealing with a lot of
people over the last few weeks who have had their machine compromised
by one of the worms du jour, and I'm beginning to notice a disturbing
trend:

People *like* being infected by Code Red.

You heard me right. People like it. Not the system administrators or
the security people who have to do the clean-up work, but the users of
the machines. They like it.

It's exciting. *They* were infected by the Code Red Worm. It was on the
*news* and it effected *them*. They can go home and tell all of their
friends and family. Sure, their machine was off the network for a few
days because they didn't take care of it, but it's well worth it for
the story that they get to tell.

Now, that all said, this isn't the case for most of the people we've
dealt with -- most people recognize the seriousness of the situation
and have handled it professionally. But there are people who have
reacted like this. When they do, we politely point out to them that
something *bad* has happened to their machine and they need to be more
careful.

It's probably just human nature and there's nothing we can do about
it... but it's something to remember when talking to the media -- if
you create excitement about something, people will be excited about
it when it happens to them.

-Larry

---
E. Larry Lidz                                        Phone: (773)702-2208
Sr. Network Security Officer                         Fax:   (773)702-0559
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com