October 3, 2001
Dear sir or ma'am;
This is not a joke, or an alarmist opinion. Over 8 million
computers are vulnerable right now to a second wave attack and the
consequences are potentially dire. For the first time in my life, I tried
to call the White House and then the FBI, but the distinct impression I got was
summed up with "Thanks for the Call."
It is my sincere hope that one of you will pay attention and take some
In the past few weeks, I have seen more nasty viruses than in any period I
can recall. Hybris, Magistr, SirCam, and Nimda are but a few of them
and the vast majority of computers are not protected, at all.
As of last night, 25% of the computers
scanned by McAfee were infected with the Nimda virus, which first appeared on
September 18! It is a wicked little devil that resends
itself to everyone in the computer's address book, infects every system on the
local network, and even inserts itself into the company's homepage, if it
can. The cost of the bad PR alone, due to the infection
of every website visitor's system could be staggering.
Unless the antiviral data files have been
updated within the past week, the computer is not
protected. Virus software compares files that are opened
or executed against a database of "signatures". With three new viruses
every day, systems that have old virus definition files might as well not even
be running the software; it will not recognize or stop the new viruses and
creates a false sense of security.
One fourth of our computers are already
infected with Nimda. The virus itself seems to do little
except spread at an alarming rate. It does; however, open the door
for a follow-up by creating "shares" to all available drives with no
password which will allow a second wave to do anything. Erasing
everything, locating and sending secure data and passwords, bank and credit card
info, or eCommerce ordering, are but a few of the possibilities.
Most larger businesses are probably protected, but the five million small
businesses and sixty eight million home users are at serious risk.
We need to move fast, before the next virus comes through those
I believe that we must have a major publicity campaign to educate the
computer user's of the danger and, more importantly, how to check for and
perform regular antiviral updates. If we don't, then I am afraid a truly
destructive attack will be outrageously successful.
If I can be of any assistance in this matter, or should you have
any questions, please feel free to contact me.