Slashdot Mirror
Author Makes Symbian Virus Code Available
putko writes "The NY Times (registration required) has a story about a Brazilian software expert whose posted the code for his Bluetooth virus on his website.
The article has a general anti-free-exchange-of-information tone to it. Security firms call him bad. Nokia is concerned.
Here's his homepage (in Portuguese), so let's not unnecessarily DDoS him:
The most irritating bit of all this is that the guy writes the thing, distributes it, gives it a name (eponymous) and then the stupid virus firms go and butcher it -- e.g. "Lasco.A". What's so wrong with "Velasco" already? The guy clearly wants it to be named after himself."
Simple. You need the ".A" to indicate it's the first of its type. Since this dumbass has released the virus code to the world, you can bet there's going to be a ".B", ".C", etc.. In fact I doubt one alphabet will be enough to count them all.
As for using this guy's name, why would we want a virus writer and distributor to become famous?
Grab.
It's not much of a leap to assert that most malware is, on some level, a form of ego tripping, and most malware authors, much like the authors of any other software, would like to see their work spread far and wide.
Hence, antivirus companies always change the name.
Whether or not a virus had a name to begin with, each vendor will select a name of their own for it to deprive the author of that fame. Why encourage them, you know?
But there's the other bit of ego -- each vendor will select a name of their own. For a prominent attack, one of these names will make it into he wider media, and being the vendor that named it is itself an ego boost for that company.
So, all of this naming nonsense is just a stupid dickwaving ego contest. We'd almost be better off if we did like the National Weather Service and named each year's outbreaks in advance, before any of them are spotted in the wild, just to neutralize the stupid games that go on over what this junk gets called. Not that that'll ever happen, of course...
DO NOT LEAVE IT IS NOT REAL
I'll back it up.
:m einfo.html/ t ory-start/
It is the explicit (and logical) intention of AV comapanies not to name rogues in the fashion the author desires.
Symantec's Policy is as folloes
Virus names consist of a Prefix, a Name, and often a Suffix.
* The Prefix denotes the platform on which the virus replicates or the type of virus. A DOS virus usually does not contain a Prefix.
* The Name is the family name of the virus.
* The Suffix may not always exist. Suffixes distinguish among variants of the same family and are usually numbers denoting the size of the virus or letters.
The Code Red virus got its name from an eEye Digital Security researcher's beverage of choice -- the cola variety of Mountain Dew soft drink -- the night they picked through the corruptive code.
Symantec Security Response senior director Vincent Weafer, who referred to Code Red's caffeine-based name, told NewsFactor that there are some things researchers do not use when naming worms:
"We don't use the name of the virus writer because we don't want to give name recognition for something that's done for publicity, and we don't use the date because there are so many trigger dates and it's such an easy thing to change that it wouldn't make any sense," Weafer said.
"After that, it comes down to the researcher and what they find unique about a particular virus," Weafer added.
Quotes above from
http://securityresponse.symantec.com/avcenter/vna
http://www.newsfactor.com/perl/story/15662.html#s
http://users.tcworks.net/virus/naming.htm/