Your daily scare brought to you by someone who can help

Newspapers are more and more becoming simple distributors of corporate press releases. For example, this New York Times story by John Markoff about a new, malicious botnet that is sweeping through many companies' computers. Alarm bells should always ring when reading stories about cyber-attacks, since they are so often sourced to "security consultants" who can help you solve the problem (for a fee).

The Markoff story originates with one such consulting service, which "discovered" the botnet and wants us to know they are on top of the situation. While the article may have a grain of truth and will be "prescient" if said viral cootie becomes a larger threat and eventual household word, how credible is it that no other cyber "experts" besides this one company are quoted?

Markoff makes it look to the hurried morning skimmer that he's sourced the story more widely by obtaining quotes from two people, in addition to what he recycled from the press release. But they both work for the company that "discovered" the botnet! The last sentence admits the Wall Street Journal got the jump on the Times, by previously running a story on the alleged botnet prior to the security consultant's press release. (Which means the consultant gave the Journal an "exclusive.")

The Journal story is here, and not much more credible. The companies supposedly compromised by the botnet are barely talking. A consultant asked to give a second opinion doesn't actually speak to the first consultant's data but makes a vague statement like "these darn worms can really be a problem." It's clear that both the Times and Journal took this story seriously because the CEO of the consultant who made the announcement used to work for a major government agency (hint--the one that brought us color coded terror alerts).