Slashdot Mirror

← Back to Stories (view on slashdot.org)

Name That Worm

Posted by Zonk on from the more-sense-less-clutter dept.

Ant wrote to mention a C|NET article reporting on the Common Malware Enumeration (CME) initiative, now emerging from its test phase. From the article: "Next month, the U.S. Computer Emergency Readiness Team (CERT) plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests. The project assigns a unique identifier to a particular piece of malicious software. When included in security software, in alerts and in virus encyclopedia entries, this identifier should help people determine which pest is hitting their systems and whether they are protected ..."

80 comments

  1. In Soviet Russia.. by Anonymous Coward · · Score: 0, Funny

    ...Worms name YOU!

    1. Re:In Soviet Russia.. by eklitzke · · Score: 5, Insightful

      Can people NOT moderate these as funny? Because really, they're not.

      --
      #include ".signature"
    2. Re:In Soviet Russia.. by Anonymous Coward · · Score: 0

      In soviet russia, Slashdot posts on fucking idiots.

    3. Re:In Soviet Russia.. by Anonymous Coward · · Score: 1, Insightful

      ha ha ha ha ha.
      Come on somebody. Genuinely funny doesn't happen on slashdot that often...

    4. Re:In Soviet Russia.. by Anonymous Coward · · Score: 1, Funny



      maybe they are funny and you just don't have a sense of humor.

    5. Re:In Soviet Russia.. by Anonymous Coward · · Score: 0

      Don't flame if you don't get the joke.

  2. Proposal by b100dian · · Score: 2, Interesting

    Run all antiviruses on a machine.
    Exec the worm.
    Blitblt the screenshot into an OCR buffer.
    Compute the name of the worm

    extra step: see if all AVs fired: if not so, the naming can become "AV killer"

    --
    gtkaml.org
  3. did... by dosle · · Score: 1

    Did you get my joke email? just save the billgatespie.exe and run it for a fun game

    1. Re:did... by KillShill · · Score: 1

      did you know that if you rename billgatespie.exe to .scr you can install it as a screensaver?

      then install a password on it and no one can stop it short of a reboot... or 30 mins, give or take.

      --
      Science : Proprietary , Knowledge : Open Source
  4. Way to go by Anonymous Coward · · Score: 0

    Yeah, because giving names to things, like say hurricanes, allows you to relate to their awesome destructive force in an altogether more empathetic manner...

  5. It's obvious by Anonymous Coward · · Score: 1, Funny

    All worms should be named "Bill"... after the man that made them all possible!

  6. Compliance will be an issue... by Anonymous Coward · · Score: 2, Interesting

    I think the most difficult part of this proposal will be getting the virus writers to include the unique identifier in their code. Besides, isn't the evil bit already supposed to take care of this issue?

    1. Re:Compliance will be an issue... by TheGazelle7 · · Score: 1

      hmm... let's see... oh yeah... is written into the virus.... MD5.... SHA1? These ring a bell? It's called cross correlation. CMEID=~MD5=~SHA1

      just a though...

  7. I'd like to nominate by Anonymous Coward · · Score: 3, Funny

    The use of the name "FruitFucker 2000".

    Thank you and good nite

    1. Re:I'd like to nominate by Tackhead · · Score: 4, Funny
      > I'd like to nominate
      > The use of the name "FruitFucker 2000".

      Sure thing, but we'll have to wait until my OS X box gets hit.

    2. Re:I'd like to nominate by Incadenza · · Score: 1

      I think you have been listening to Nurse With Wound a wee bit too long.

    3. Re:I'd like to nominate by WillerZ · · Score: 1

      More likely a penny-arcade reference. http://www.penny-arcade.com/view.php?date=2005-09- 21&res=l is the latest in the FF2000 series.

      --
      I guess today is a passable day to die.
    4. Re:I'd like to nominate by Incadenza · · Score: 1

      Ignorant me. Makes note: Must read more comic strips.

  8. Welcome, if not overdue by Sv-Manowar · · Score: 4, Insightful

    If this step does anything to simplify the myriad of naming schemes provided by security & antivirus companies, then its more than welcome. Working out exactly what worms have which effects is hard enough without the confusion of complex names and differing schemes. However, the voluntary nature of this new naming scheme may mean it sits alongside the current identifiers and names, which would significantly lessen its effect. I guess only time will tell which way the companies decide to go..

    --
    Business Voyeur
  9. What? by Overly+Critical+Guy · · Score: 3, Funny

    What's an "internet worm?"

    Signed,
    Every OS X user

    --
    "Sufferin' succotash."
    1. Re:What? by Mancat · · Score: 3, Funny

      What is "Mac OS X?"

      Signed,
      Ninety Percent of the Personal Computing Consumer Market

      --
      hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
    2. Re:What? by Rosco+P.+Coltrane · · Score: 0, Redundant

      What's OS X?

      Signed,
      97% of all computer users.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    3. Re:What? by Have+Blue · · Score: 3, Funny

      Something really awesome.

      Signed,
      The Top Ten Percent of the Personal Computing Consumer Market

    4. Re:What? by R3d+M3rcury · · Score: 1

      Something that doesn't affect you, as long as you've applied this patch.

    5. Re:What? by drsquare · · Score: 1

      Something very expensive and lacking in functionality.

      Signed,
      Sandal-wearing, turtle-neck jumpered, left-wing, limp-wristed graphic designers who pay half a day's wages for a cup of sugary coffee from a trendy cafe.

    6. Re:What? by Anonymous Coward · · Score: 0

      Gee...does 97% include all the ATMs, cash registers, and linux and 'nix re-installs as Windows 'users'?

    7. Re:What? by Kent+Recal · · Score: 1

      Internet bites worm.

      Signed,
      In Soviet Russia

  10. Politics? by gmuslera · · Score: 0, Offtopic

    Why the article is in that section?

  11. Naming Worms - Virii's pride by Fox_1 · · Score: 3, Insightful

    To be honest I imagine it's pretty kewl to have created a nasty piece of software that takes down millions of computers and costs billions in damages. At least in a perfect world where everybody is happy, corners are round and nobody ever gets hurt. It's even cooler if the virus you create gets a name like 'code red' or 'blaster' or 'buddy the smackhappy clown' and gets all sort of media coverage and everybody recognizes the name. I maen that's pretty awesome. So I hope that this naming system the 'Common Malware Enumeration' , makes names that are as exciting as it's own. In other words, boring. Take away some of the fun that the virus writers have been enjoying from their nasty little creations.

    --
    The rock, the vulture, and the chain
    1. Re:Naming Worms - Virii's pride by Locke2005 · · Score: 4, Funny

      You mean, you're not likely to brag about being the creator of the "Sociopath trying to compensate for tiny penis" worm?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Naming Worms - Virii's pride by Vellmont · · Score: 1


      So I hope that this naming system the 'Common Malware Enumeration' , makes names that are as exciting as it's own.

      It's not a naming scheme, it's an enumeration scheme. The "names" will be CME-123 for instance. There's still need for a common name for a virus to be referred to as.

      --
      AccountKiller
    3. Re:Naming Worms - Virii's pride by jayloden · · Score: 2, Insightful

      I have to agree with you whole-heartedly here. I make a virus removal tool in my spare time that deals with IM-specific viruses. There was one virus that I was able to track back to the author (which is a whole nother story), and he got a little upset when I pointed out his name and contact info on my website for infected users to contact him. Shortly thereafter, "someone" attempted to access both my gmail account and free DNS accounts and reset the passwords, among other threats and such that I received.

      This virus evidently shared code with some other virii that had come before it, to the point of the same name in a registry key/file. As such, it was fairly clear that someone had "borrowed" some code. So, I decided to change the name of the virus to "The Copy Paste" virus, with the intended results of making the author even more upset. It is most definitely very much a pride issue with virus authors, and I think you're correct in your assertion that keeping the name boring helps prevent the "cool" factor from being quite so high.

    4. Re:Naming Worms - Virii's pride by ozbird · · Score: 1

      YAWN - Yet Another Worm Name.

    5. Re:Naming Worms - Virii's pride by NickBilo · · Score: 1

      Actually names will be like W32/Bagle.A!CME-123 or WORM_BAGLE.B!M123 etc... either that or name will continue to be W32/Bagle.A but it will have an ALIAS of CME-123 on the antivirus vendor website.

    6. Re:Naming Worms - Virii's pride by GrumpySimon · · Score: 1

      It's not going to work - sure the official name will be CME-1234etc but it will still have some k3wl script kiddy name. This means the media will use THAT term instead of the boring CME name. Face it - the next worm to break into the 15 seconds of media attention won't be CME-xyz but CME-xyz AKA "secret elite name that sounds scary and weird to average people".

      --
      henry -- the human evolution news relay
    7. Re:Naming Worms - Virii's pride by arbitraryaardvark · · Score: 1

      So, from that angle, is my idea about naming them after congresscritters a good or bad idea?

  12. Not hard to do by Red+Flayer · · Score: 2, Interesting

    Why don't we just use the Linnean system?

    I'm all about latin names for malware -- for one thing, malware creators won't feel so cool when their piece of code gets designated "Caenorhabditis Crapiticus" of the phylum Nematoda.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  13. Ya know... by Shadow+Wrought · · Score: 2, Interesting

    It's not a like a hurricane in which everyone can agree on which worm is which. How do you know that Worm Bob really is an unique new worm, and not just a variant of Worm Jimbo? And what happens when the 21 names run out?

    --
    If brevity is the soul of wit, then how does one explain Twitter?
    1. Re:Ya know... by rodoke3 · · Score: 1

      Plus if they had a finite namespace, it would probably be a PR nightmare when virus writers exhausted it.

      I imagine there would be some kind of honor in writing the "omega-omega-omega-omega-shit"* worm.

      --
      There's nothing like a good gunfight to uplift the spirit--Calvin
    2. Re:Ya know... by drsquare · · Score: 1

      Well, how do you know that Rita isn't just the follow-through of Katrina?

  14. Good first step, common name still needed though. by Vellmont · · Score: 2, Insightful

    It's great that there will be at least one recognized identifier for worms, but when people talk about the worm are they really going to refer to it as CME-123 (for example)? There still needs to be a common name that's accepted. We don't for instance have 15 different names for chicken pox. The virus is called varicella-zoster, or human herpes virus 3. Everyone knows what chicken pox is though.

    --
    AccountKiller
  15. Viral Thoughts. by Anonymous Coward · · Score: 0

    "...this identifier should help people determine which pest is hitting their systems and whether they are protected ..."

    Linux zealots. Immunize with a double dose of "Business at the speed of thought" and "The Road Ahead".

  16. Let's use AOL disk passwords by G4from128k · · Score: 3, Funny

    Instead of hard-to-remember ID numbers for malware, why not use those funky passwords that AOL puts on their CDs for creating new accounts. I'd like to here about viruses names such as WONTON-FLOES or GRAVEL-TAPE, to use two passwords from recently mailed AOL CDs.

    --
    Two wrongs don't make a right, but three lefts do.
    1. Re:Let's use AOL disk passwords by denbesten · · Score: 1
      ... use AOL disk passwords for viruses names ...

      But there are thousands of viruses discovered every year. Where would one come up with thousands of AOL CDs to extract names?

      ... oh ... Nevermind.

  17. Off topic Norton rant! by Humorously_Inept · · Score: 2, Insightful

    What will the agreed-upon name be for that piece of malware? Seems like Norton's more tenacious than and presents a larger array of system-wide issues to users than do the many of the viruses/worms/trojans it's supposed to protect against.

    --

    ~Someday, I hope to be an aspiring author.
    1. Re:Off topic Norton rant! by crabpeople · · Score: 1

      use norton corporate. thin lightweight and non intrusive.

      --
      I'll just use my special getting high powers one more time...
  18. What is a virius? by Anonymous Coward · · Score: 0

    Is it the Roman equivalent of Sirius? What is it? I see people using the word "virii", but nobody has ever said what a virius is.

  19. CARO? by Leebert · · Score: 2, Interesting

    Whatever happened to the Compute Antivirus Research Organization (CARO)? I thought they were the de facto standard for naming of viruses.

    1. Re:CARO? by Anonymous Coward · · Score: 2, Informative

      Yes, I wondered about that as well. The CARO system has worked well for a long time now, and there have been a number of initiatives to regularise the virus naming taxonomy - I remember Jim Bates coming up with one in the 80s, which was all numeric!

      The problem is that the researcher working on a virus has to name it very rapidly. Viruses are often varients of others, so you need expertise in name allocation - it can only be done by the researchers. I would have though that the CARO system had sorted out all the bugs by now. Perhaps the US Cert are just tagging on the coat tails of CARO?

      Incidently, for anyone who wants to translate virus names from one product to another, the indistry tool of choice is VGREP, which can be found here - http://www.virusbtn.com/news/vb_news/2005/02_10.xm l

    2. Re:CARO? by NickBilo · · Score: 1

      As someone who works in the industry I can comment: CARO developed the naming standard (e.g. W32/FamilyName.Variant@reference) not the actual names for the malware. CARO members run a discussion forum that actually will decide which new malware warrants a new CME IDs. So CARO and other Antivirus groups all collaborate on this.

  20. Worm naming... by jemenake · · Score: 3, Insightful

    Are they going to use alphabetical-ordered human names like with hurricanes?

    Can't you just see the newspaper headlines already? "Worm Andrew Batters Microsoft Servers! The worm overtopped firewalls and flooded into data-centers throught the country. Emergency officials said that it will take a week to repair the firewalls and begin letting users back into the data..."

  21. Please mod parent up. by msauve · · Score: 2, Informative
    For the sake of language.

    http://linuxmafia.com/~rick/faq/plural-of-virus.ht ml

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  22. i can... by KillShill · · Score: 1

    name that worm in 3 infections.

    --
    Science : Proprietary , Knowledge : Open Source
    1. Re:i can... by Anonymous Coward · · Score: 0

      name that worm in 2 infections.

  23. Re:Sinners and Sin by Anonymous Coward · · Score: 0

    Hate the worms and love the worm writers? Or hate the writers and love the worms? Hate windows and love the worms?
     
    ...Oh wait...

    Motherland Russia!!!

  24. How is this any different? by Anonymous Coward · · Score: 1, Insightful

    How is this any different from using a single firm for virus/worm names?

    If I always look at the AVG name of whatever gobbledygook is out there, it doesn't matter what else it's called. If i'm searching for info on it, other vendors will have the Symantec / McAfee / TrendMicro / YourMomAV name alongside their own.

    It's just another "vendor" name to add to the list:

    Vendor A calls it this
    Vendor B calls it this
    Vendor C calls it this
    Government A calls it this

  25. Much like Common Vulnerabilities & Exposures ( by Josh+Triplett · · Score: 1

    This project is likely intended to do for viruses, spyware, and other malicious programs what CERT's existing Common Vulnerabilities and Exposures (CVE) does for security issues. CVE has attained widespread acceptance for use in unique and unambiguous identification of security issues; hopefully this project will have the same level of success.

  26. Re:Good first step, common name still needed thoug by Anonymous Coward · · Score: 1, Insightful

    hmm... all they really need is ONE common base name.

    windows _________

    windows killer
    windows stopper
    windows blaster
    windows wiper
    windows zapper
    windows destroyer
    windows billyboygonemad
    windows replacer (aka linux)

  27. I will hold him... by isecore · · Score: 1

    and cuddle him and call him George.

    --
    I enjoy large posteriors and I cannot prevaricate.
  28. Just use the same naming system by Orion+Blastar · · Score: 1

    they use for hurricanes. It is very simple, just name them after the ex-boyfriends and ex-girlfriends of every employee in the organization that names such things.

    "Katrina discovered that I was cheating on her with Rita? I'll show them both after I get my organization to name hurricanes after them!" -Anonymous Weather Scientist

    Perhaps they can name them after strippers, like the Melissa worm was named? Better yet, how about celebrities? I got infected with the Tom Cruse worm. Yeah well I got infected with Paris Hilton worm. :)

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
    1. Re:Just use the same naming system by Anonymous Coward · · Score: 0

      they use for hurricanes. It is very simple, just name them after the ex-boyfriends and ex-girlfriends of every employee in the organization that names such things.

      How on a cotton picking minute we are talking about security researchers who spend their lives in darkend offices so we would soon run out of names to use. "every employee in the organization" you say... oh well I guess that would include the slut on the reception desk so just expect lots of viruses named after brain dead muscle heads with names like Brad.

      Yeah well I got infected with Paris Hilton worm. :)
      I would like to infect Paris Hilton with my worm ;-)

  29. A futile effort by sd_diamond · · Score: 2

    Usually when I get to the point where I feel like naming the worm, I'm already near the end of the bottle so I'm not likely to remember what name I come up with.

  30. * "&-o-m-e-g-a;" kept getting eaten. by rodoke3 · · Score: 1

    nt

    --
    There's nothing like a good gunfight to uplift the spirit--Calvin
  31. Standardize a format by MECC · · Score: 1

    softwareproduct-year-n

    where year is the year, and n is count of worms/viruses/trojans/ that have hit that product that year.

    Ex:

    Internet explorer-2001-55
    Microsoft Excel-1999-33
    Firefox-2004-44
    MacOSX--2005-2
    windows-2003-666

    Oh, and people would be all better off just leaving computers alone for the holidays...

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  32. Seldon Naming by SEWilco · · Score: 1

    I lean toward Harry Seldon's naming approach: "Idiot number 1", "Idiot number 2", etc. For both a virus creator and their product. His emperor's approach of following that with execution is an optional enhancement.

  33. And more importantly: do you recycle lists? by ArsenneLupin · · Score: 1
    Hurricane name lists are recycled every 6 years (except for names that stood for particularly well devastating hurricanes; these are replaced by new ones).

    For Hurricanes, this makes sense, because hurricanes only exist for a couple of weeks each. Viruses on the other hand may well still be active 6 years after...

  34. Re:Good first step, common name still needed thoug by Mathness · · Score: 1

    Everyone knows what chicken pox is though.

    Unless you are not from an English speaking nation, in which case varicella-zoster makes more sense.

    --
    Carbon based humanoid in training.
  35. Mac fanboi mods on crack yet again. by titzandkunt · · Score: 1

    Mac fanboi mods on crack yet again.

    --
    Political language ... is designed to make lies sound truthful and murder respectable...
  36. Re:Much like Common Vulnerabilities & Exposure by Arthen · · Score: 1

    I think you're exactly right that CME is trying to do for malware identifiers what CVE has done for vulnerability ids. CVE's adoption is a good example of how a voluntary standard can make real progress. Seems from the article that the major players (Symantec, McCaffee, Trend Micro, Kaspersky) are already on board with CME, too, which is very encouraging.

    One clarification, though: I believe CVE is run by MITRE, and funded by US-CERT. CERT/CC uses CVE IDs in their publications, but doesn't control the effort. (Not sure who you meant by "CERT.")