Blackworm Dud Highlights Virus Naming Mess

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"

Why not assign every virus an ID number?

[l33t.g33k]

Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.

Re:Why not assign every virus an ID number?

[AKAImBatman]

Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..."

So, did you hear about virus #2451-23123.2134-A? I hear it's going to be a doozy! :-P

Virus Naming Conventions

[SilentOneNCW]

Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"

Re:I agree

[hey!]

Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.

com.symantec.virusdb.mydoom
com.symantic.virusdb.mydoom.variant1
com.symantic.virusdb.mydoom.variant2 ...

This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:

com.symantic.virusdb.mydoom==org.cert.virus.2004.1
com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2

Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.

Slightly OT

[TubeSteak]

Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

http://en.wikipedia.org/wiki/Sisyphus
http://en.wikipedia.org/wiki/Tower_of_Babel

To stay ontopic, here's the list of companies and the name they picked for this virus

Authentium: W32/Kapser.A@mm
AVIRA: Worm/KillAV.GR
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A

So who was calling it "Kama Sutra" ?