Introduction

Until last year the malware situation can be illustrated with the following characteristics:

• 10-20 outbreaks of almost pandemic character each year.
• The most wide-spread outbreaks were worms that used different spreading mechanisms; often exploiting vulnerabilities in operating systems.
• The malicious software was often not aimed at any particular goal except spreading itself as much as possible.
• These outbreaks got quite a lot of media attention.

However, as discussed in Norman's Security Information for week 3 this year, this situation changed drastically during 2005.

We now are in a point in time when the malware situation is like this:

• Almost no large outbreaks.
• The malicious software is often targeting a particular corporation, typically phishing attempts or other kinds of fraud.
• The malware is often short-lived
• The media attention for the abovementioned is almost non-existent.

Do the media at the moment provide useful information about malicious programs?

Unfortunately magazines, newspapers, webzines, radio and TV are usually more keen to publish news material that can be presented with big headlines, in an easy-to-understand manner and, often with some crisis element included.

Unfortunately the current malware situation does not comply with this.

What we therefore have been able to observe for some time now, is that the malware that gets media attention is not at all what should be regarded as really dangerous, nor what will affect you or me unless some extremely unlikely situation should happen. 
We see high-profile information about some malware that is "marketing" itself with file names of some celebrity in nude - malware that is not widespread at all.
We see information in the news about the danger of the new mobile phone virus - a virus that you are only able to be infected by in circumstances that are so rare that almost none ever gets in such a situation.

It should be added that we who belong to the security business itself may be partly to blame for this situation, as it is always tempting to issue information that has a high probability to get media attention.

The fact that news media have been attracted to stories as the abovementioned is not new, it has probably always been so. Previously however, also the real dangers were focused upon - if not by the fact that they necessarily were particulary fancy, but by the mere fact that so many were affected by the danger in some way or another.
This is no longer the case.

Is "cry wolf" better than keeping silent

It may be argued that by at least informing the public about the danger of malicious software, each and every one of us are inevitably set in a more alert mode than otherwise.

Those that disagree with such an argument will say that by alerting about non-dangerous stuff, the attention is diverted from what is a real threat to us. We will instead be "tricked" to focus on / look for something that we will probably not ever be affected by.

Both camps will probably agree that ideally the media should inform the public in a sincere way that gives real information on how to be protected against the real dangers.

Undoubtly - the real dangers exist and have probably been more severe the latest year. The media as well as the security community have both an obligation to alert the public against these threats.