


Bad security PR watch

Nov 07, 2011, 3 mins
Data and Information Security

This security public relations firm should read its press releases before sending them out.

On occasion I show you some of the more awkward press releases I receive because PR firms have a job to do for their security clients. Rush out a press release with misinformation, incorrect details and hype and you are not serving your client well.

Someone recently noted that it’s not the PR firm’s fault because the vendors tell them what to put out to attract press attention. That’s hooey.

A PR firm’s job is to help vendors manage their message responsibly. Just do what you’re told and put out nonsense and you fail your client, not to mention all the security practitioners who are relying on us for actionable information.

With all that said, I feel the need to poke fun at a PR email I got this evening about the Duqu threat. In an effort to preserve some dignity for the PR person and vendor in question, I’ll leave names out.

Here is the message, with my comments in italics:

VENDOR X Protects Against Son of Stuxnet Duqu now!

We’re in trouble as soon as we reach the headline. The PR scribe neglected to mention that researchers have backed off calling Duqu the son of Stuxnet because, after further analysis, they found that despite some common features, Duqu and Stuxnet have been designed to do different jobs, one very targeted, the other more general.

Just a quick update that Microsoft has issued a temporary fix to guard against Duqu, the recently spotted malware that in some ways resembles the highly dangerous Stuxnet worm. However, the patch only deals with the Microsoft Word side of the equation; users will still be vulnerable to Duqu malware with other types of documents like PDF’s or Excel attachments.

That paragraph sounded familiar to me. I eventually realized it came from a TechNewsWorld article I saw earlier. It borrows from the article almost verbatim, without properly sourcing it.

Duqu is a zero-day vulnerability that is part of an installer application used to install the malware so a patch to remedy the software vulnerability does not protect against the actual Duqu malware. Duqu has been identified as malware that was likely written by the same people who created the highly dangerous Stuxnet worm, which had infiltrated Iranian nuclear installations. Duqu is primarily a remote access Trojan that is targeted toward organizations for their specific assets.

Duqu is not a vulnerability. It is a piece of malware that EXPLOITS vulnerabilities like the one Microsoft is working to fix.

VENDOR X anti-malware is known for its strength against zero-day malware and its unparalled ability to recognize malware it has never seen before. VENDOR X’s PRODUCT delivers proactive protection against malware. If you’d like more information, please don’t hesitate to contact me…

End of email

I don’t think I’ll be calling this person back.

–Bill Brenner
