Slashdot Mirror

← Back to Stories (view on slashdot.org)

Name That Worm

Posted by Zonk on from the more-sense-less-clutter dept.

Ant wrote to mention a C|NET article reporting on the Common Malware Enumeration (CME) initiative, now emerging from its test phase. From the article: "Next month, the U.S. Computer Emergency Readiness Team (CERT) plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests. The project assigns a unique identifier to a particular piece of malicious software. When included in security software, in alerts and in virus encyclopedia entries, this identifier should help people determine which pest is hitting their systems and whether they are protected ..."

22 of 80 comments (clear)

  1. Proposal by b100dian · · Score: 2, Interesting

    Run all antiviruses on a machine.
    Exec the worm.
    Blitblt the screenshot into an OCR buffer.
    Compute the name of the worm

    extra step: see if all AVs fired: if not so, the naming can become "AV killer"

    --
    gtkaml.org
  2. Compliance will be an issue... by Anonymous Coward · · Score: 2, Interesting

    I think the most difficult part of this proposal will be getting the virus writers to include the unique identifier in their code. Besides, isn't the evil bit already supposed to take care of this issue?

  3. I'd like to nominate by Anonymous Coward · · Score: 3, Funny

    The use of the name "FruitFucker 2000".

    Thank you and good nite

    1. Re:I'd like to nominate by Tackhead · · Score: 4, Funny
      > I'd like to nominate
      > The use of the name "FruitFucker 2000".

      Sure thing, but we'll have to wait until my OS X box gets hit.

  4. Welcome, if not overdue by Sv-Manowar · · Score: 4, Insightful

    If this step does anything to simplify the myriad of naming schemes provided by security & antivirus companies, then its more than welcome. Working out exactly what worms have which effects is hard enough without the confusion of complex names and differing schemes. However, the voluntary nature of this new naming scheme may mean it sits alongside the current identifiers and names, which would significantly lessen its effect. I guess only time will tell which way the companies decide to go..

    --
    Business Voyeur
  5. What? by Overly+Critical+Guy · · Score: 3, Funny

    What's an "internet worm?"

    Signed,
    Every OS X user

    --
    "Sufferin' succotash."
    1. Re:What? by Mancat · · Score: 3, Funny

      What is "Mac OS X?"

      Signed,
      Ninety Percent of the Personal Computing Consumer Market

      --
      hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
    2. Re:What? by Have+Blue · · Score: 3, Funny

      Something really awesome.

      Signed,
      The Top Ten Percent of the Personal Computing Consumer Market

  6. Naming Worms - Virii's pride by Fox_1 · · Score: 3, Insightful

    To be honest I imagine it's pretty kewl to have created a nasty piece of software that takes down millions of computers and costs billions in damages. At least in a perfect world where everybody is happy, corners are round and nobody ever gets hurt. It's even cooler if the virus you create gets a name like 'code red' or 'blaster' or 'buddy the smackhappy clown' and gets all sort of media coverage and everybody recognizes the name. I maen that's pretty awesome. So I hope that this naming system the 'Common Malware Enumeration' , makes names that are as exciting as it's own. In other words, boring. Take away some of the fun that the virus writers have been enjoying from their nasty little creations.

    --
    The rock, the vulture, and the chain
    1. Re:Naming Worms - Virii's pride by Locke2005 · · Score: 4, Funny

      You mean, you're not likely to brag about being the creator of the "Sociopath trying to compensate for tiny penis" worm?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Naming Worms - Virii's pride by jayloden · · Score: 2, Insightful

      I have to agree with you whole-heartedly here. I make a virus removal tool in my spare time that deals with IM-specific viruses. There was one virus that I was able to track back to the author (which is a whole nother story), and he got a little upset when I pointed out his name and contact info on my website for infected users to contact him. Shortly thereafter, "someone" attempted to access both my gmail account and free DNS accounts and reset the passwords, among other threats and such that I received.

      This virus evidently shared code with some other virii that had come before it, to the point of the same name in a registry key/file. As such, it was fairly clear that someone had "borrowed" some code. So, I decided to change the name of the virus to "The Copy Paste" virus, with the intended results of making the author even more upset. It is most definitely very much a pride issue with virus authors, and I think you're correct in your assertion that keeping the name boring helps prevent the "cool" factor from being quite so high.

  7. Re:In Soviet Russia.. by eklitzke · · Score: 5, Insightful

    Can people NOT moderate these as funny? Because really, they're not.

    --
    #include ".signature"
  8. Not hard to do by Red+Flayer · · Score: 2, Interesting

    Why don't we just use the Linnean system?

    I'm all about latin names for malware -- for one thing, malware creators won't feel so cool when their piece of code gets designated "Caenorhabditis Crapiticus" of the phylum Nematoda.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  9. Ya know... by Shadow+Wrought · · Score: 2, Interesting

    It's not a like a hurricane in which everyone can agree on which worm is which. How do you know that Worm Bob really is an unique new worm, and not just a variant of Worm Jimbo? And what happens when the 21 names run out?

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  10. Good first step, common name still needed though. by Vellmont · · Score: 2, Insightful

    It's great that there will be at least one recognized identifier for worms, but when people talk about the worm are they really going to refer to it as CME-123 (for example)? There still needs to be a common name that's accepted. We don't for instance have 15 different names for chicken pox. The virus is called varicella-zoster, or human herpes virus 3. Everyone knows what chicken pox is though.

    --
    AccountKiller
  11. Let's use AOL disk passwords by G4from128k · · Score: 3, Funny

    Instead of hard-to-remember ID numbers for malware, why not use those funky passwords that AOL puts on their CDs for creating new accounts. I'd like to here about viruses names such as WONTON-FLOES or GRAVEL-TAPE, to use two passwords from recently mailed AOL CDs.

    --
    Two wrongs don't make a right, but three lefts do.
  12. Off topic Norton rant! by Humorously_Inept · · Score: 2, Insightful

    What will the agreed-upon name be for that piece of malware? Seems like Norton's more tenacious than and presents a larger array of system-wide issues to users than do the many of the viruses/worms/trojans it's supposed to protect against.

    --

    ~Someday, I hope to be an aspiring author.
  13. CARO? by Leebert · · Score: 2, Interesting

    Whatever happened to the Compute Antivirus Research Organization (CARO)? I thought they were the de facto standard for naming of viruses.

    1. Re:CARO? by Anonymous Coward · · Score: 2, Informative

      Yes, I wondered about that as well. The CARO system has worked well for a long time now, and there have been a number of initiatives to regularise the virus naming taxonomy - I remember Jim Bates coming up with one in the 80s, which was all numeric!

      The problem is that the researcher working on a virus has to name it very rapidly. Viruses are often varients of others, so you need expertise in name allocation - it can only be done by the researchers. I would have though that the CARO system had sorted out all the bugs by now. Perhaps the US Cert are just tagging on the coat tails of CARO?

      Incidently, for anyone who wants to translate virus names from one product to another, the indistry tool of choice is VGREP, which can be found here - http://www.virusbtn.com/news/vb_news/2005/02_10.xm l

  14. Worm naming... by jemenake · · Score: 3, Insightful

    Are they going to use alphabetical-ordered human names like with hurricanes?

    Can't you just see the newspaper headlines already? "Worm Andrew Batters Microsoft Servers! The worm overtopped firewalls and flooded into data-centers throught the country. Emergency officials said that it will take a week to repair the firewalls and begin letting users back into the data..."

  15. Please mod parent up. by msauve · · Score: 2, Informative
    For the sake of language.

    http://linuxmafia.com/~rick/faq/plural-of-virus.ht ml

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  16. A futile effort by sd_diamond · · Score: 2

    Usually when I get to the point where I feel like naming the worm, I'm already near the end of the bottle so I'm not likely to remember what name I come up with.