Other than Dshield and the MVP efforts, this malware release was getting no press. End-users would be completely in the dark if this malware went widespread the next morning. Around 3:00 a.m. EST, Dec. 28, 2005, after much deliberation, I notified the mainstream media outlets -- MSNBC, CNN, Fox News, among others -- via e-mail and left my credentials and cell phone number so that the word could spread beyond the limited audience of computer security professionals. Avenues for submitting breaking news to their Web sites were either nonexistent or close to it. None ever responded, and the first media coverage of WMF came out more than 12 hours later.
It is unfortunate that the informal, pseudo-professional mailing lists, such as DShield and MVP, were much more responsive in spreading early warnings than any of the official alert channels. This was true despite the frequent announcements of global coordinating entities designed for discovering and responding to just such a situation. In the end, all of these initiatives fail at their primary purpose: early warning.
OK, the Internet isn’t a baby anymore. Fast, global malware attacks have been happening regularly since 1988 (remember the Morris worm?). Isn’t it time for some official governing agency to make a central site for malware warnings, where submissions can be analyzed, and the public quickly warned -- more quickly than CERT, CNN, or the Department of Homeland Security? Or is it impossible for an “official” channel to be responsive?
If you have ideas or suggestions, I'd love to hear them. Post your comments at my new Security Adviser blog, and let's figure out a better way to deal with malware.