Blackworm Dud Highlights Virus Naming Mess

← Back to Stories (view on slashdot.org)

Blackworm Dud Highlights Virus Naming Mess

Posted by Zonk on Friday February 3, 2006 @10:24AM from the virus-20313 dept.

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"

28 of 108 comments (clear)

Min score:

Reason:

Sort:

I agree by b4k3d+b34nz · 2006-02-03 10:27 · Score: 5, Funny

They should have just had everyone call it the Sex for Gymnasts virus.

--
Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
1. Re:I agree by Debiant · 2006-02-03 10:33 · Score: 2, Funny
  
  What about 'Huge black worm between legs'? It summarises both suggested in a one sentence.
  
  --
  Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
2. Re:I agree by hey! · 2006-02-03 10:58 · Score: 4, Insightful
  
  Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.
  
  com.symantec.virusdb.mydoom
  com.symantic.virusdb.mydoom.variant1
  com.symantic.virusdb.mydoom.variant2 ...
  
  This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:
  
  com.symantic.virusdb.mydoom==org.cert.virus.2004.1
  com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2
  
  Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Hej! by Krach42 · 2006-02-03 10:28 · Score: 5, Funny

Hej! Mi povas paroli esperanto, you insensitive clod!

--

I am unamerican, and proud of it!
Why not assign every virus an ID number? by l33t.g33k · 2006-02-03 10:30 · Score: 4, Insightful

Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.

--
My sig is permanently on strike.
1. Re:Why not assign every virus an ID number? by AKAImBatman · 2006-02-03 10:34 · Score: 4, Insightful
  
  Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..."
  
  So, did you hear about virus #2451-23123.2134-A? I hear it's going to be a doozy! :-P
  
  --
  Javascript + Nintendo DSi = DSiCade
2. Re:Why not assign every virus an ID number? by 99BottlesOfBeerInMyF · 2006-02-03 10:44 · Score: 3, Informative
  
  Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number
  
  They did that. Its called the CME, or Common Malware Enumeration number. Blackworm was long ago numbered CME-24. The problem is the press does not generally include this number in their press releases and instead uses one of the many names different companies come up with. Also, most end-user anti-virus programs haven't bothered to include CME's in the user visible parts of their applications.
3. Re:Why not assign every virus an ID number? by MightyMartian · 2006-02-03 10:47 · Score: 4, Funny
  
  I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
4. Re:Why not assign every virus an ID number? by TubeSteak · 2006-02-03 11:06 · Score: 2, Funny
  
  Assuming you just keep tacking on letters, one day you'll get a virus named DontopeneveryfuckingemailyoufuckingretardNOT
  
  --
  [Fuck Beta]
  o0t!
5. Re:Why not assign every virus an ID number? by Have+Blue · 2006-02-03 11:17 · Score: 5, Funny
  
  Better version:
  
  So this guy takes his girlfriend to an engineers' comedy club, but when the act starts, she's confused because the guy on stage is just shouting out numbers and getting laughs from the crowd each time. She asks what's so funny, and her boyfriend explains that they have indexed every joke in the world and assigned each one an ID number, so when he says a number he's telling that joke. This goes on for a while until the end, when the comedian shouts a certain number that really brings the house down, roaring, cheering, standing ovation, the works. The girl asks what was so funny about it. The boyfriend replies, "We've never heard that one before."
6. Re:Why not assign every virus an ID number? by Anonymous Coward · 2006-02-03 11:28 · Score: 2, Interesting
  
  Interestingly enough, they did. Replace the V with and M, and you get Common Malware Enumeration.
  
  And, just like CVE, no one uses it. Go US Department of Homeland Security!
7. Re:Why not assign every virus an ID number? by Mathness · 2006-02-03 12:28 · Score: 2, Funny
  
  I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...
  
  I see your point, but I don't think long, and hard to pronounce, Finnish words is they way to go.
  
  To you out there who doesn't understand Finnish, the words can roughly be tranlated to (I am a little rusty at this, so excuse any errors):
  I am a fricking virus/worm with a laser attached to my head, so don't fricking read this email.
  
  --
  Carbon based humanoid in training.
Kama Sutra Worm Hits Softly by Anonymous Coward · 2006-02-03 10:31 · Score: 2, Funny

Thank God. Imagine if Kama Sutra hit hardly. That would put microsoft in an aquard position...:)
The naming confusion... by undeadly · 2006-02-03 10:33 · Score: 3, Insightful

... is intentional. It is due to companies trying "differensiate" themselves from the competition, and very little to do with increasing the security of their paying customers. Quite simply: it is marketing.
1. Re:The naming confusion... by Anonymous Coward · 2006-02-03 10:48 · Score: 4, Funny
  
  Virus names need to be more insulting to the creators. Some little script kidde is not going to be very proud to have written the "NeverKissedAGirl" virus.
$$$ @ Work by Nom+du+Keyboard · 2006-02-03 10:34 · Score: 2

a new U.S.-government funded initiative to introduce some sanity into the virus-naming business.
Wow (not WoW)! My tax dollars at work. I am so thrilled now!

--
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
No headlines. by IAAP · 2006-02-03 10:36 · Score: 2, Insightful

It wouldn't be as attention grabbing.
What do you think sells more papers:
The "Cyber Herpes" virus is coming!
or, "5437B" is coming!
Virus Naming Conventions by SilentOneNCW · 2006-02-03 10:38 · Score: 5, Insightful

Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"

--
games journalism blog
IVSC by Randall311 · 2006-02-03 10:39 · Score: 2, Insightful

They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

My point is, who cares what it's named! A mass mailing worm is just that. Shouldn't matter if you call it "Blackworm" or "You got f'ed in the a". If it walks like a duck and talks like a duck...
Let's ask the Anti-Virus Companies... by digitaldc · 2006-02-03 10:48 · Score: 3, Funny

...to see if they will promise to use only one name & abbreviation next time:

'Latest Overhyped VIrus Threat' or 'LOVIT'

--
He who knows best knows how little he knows. - Thomas Jefferson
Numbered Viruses by conteXXt · 2006-02-03 10:51 · Score: 2, Insightful

Oh boy this is a great idea.

Three genus(es?) = os

Microsoft
Linux
MAC

species = app
ie
etc...

phylum = number (increment)

now here is the kicker: Microsoft will have a canary.

as the numbers will hit the MAXINT for a 32bit OS

newscaster: "MSIE999999999999999 was found in the wild today"

producer: "mumble mumble"

newscaster: "sorry that was MSIE 10 to the power of 999999999999"

--
The truth about Led Zep should never be told on /. (Karma suicide ensues)
The problem with variants: cladisitics by G4from128k · 2006-02-03 10:54 · Score: 4, Interesting

The problem is all the variants of a given malware. For most users, the signature of the payload is less meaningful than the subject line of the e-mail. A virus email that promises Kama Sutra pictures is "different" from one promising Miss Lebanon even if the underlying payload and behavior is identical.

Perhaps AV experts need to use cladistics with a standardized set of feature dimensions. A cladogram of the virus varients and some threshold distance in feature-space would help segment similar and dissimilar malware.

I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.

--
Two wrongs don't make a right, but three lefts do.
The language is now a virus... by __aaclcg7560 · 2006-02-03 10:55 · Score: 3, Informative

Esperanto is now a virus? I hope it catches on quicker than it was as a language. Otherwise, it'll take 50 years to get anywhere.
Slightly OT by TubeSteak · 2006-02-03 11:00 · Score: 4, Insightful

Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

http://en.wikipedia.org/wiki/Sisyphus
http://en.wikipedia.org/wiki/Tower_of_Babel

To stay ontopic, here's the list of companies and the name they picked for this virus
Authentium: W32/Kapser.A@mm
AVIRA: Worm/KillAV.GR
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A
So who was calling it "Kama Sutra" ?

--
[Fuck Beta]
o0t!
Standards start at the grassroots by Vellmont · 2006-02-03 11:21 · Score: 2, Interesting

I'm sure the big Antivirus guys will resist tooth and nail any external change like the CME numbers. As the article says, they aren't the target for this naming scheme, the people who have to deal with these viruses (like a lot of us slashdotters) are the real people who benefit. With a common naming that us end users can agree on we can finally communicate about what virus is what, instead of having some giant table to translate all the time. People will still use the more common names in the press, etc.

The CME number will be like the scientific name of a plant or animal. Specialized to a certain group, but entirely definitive. The antivirus vendors will all eventually have to start publishing a CME identifier with each virus so any administrator will know "what the hell virus is that?".

--
AccountKiller
Cause or effect? by nurb432 · 2006-02-03 11:38 · Score: 2, Interesting

Was it a dud beacuse it was nothing to worry about in the first place and the hype was overrated?

or was it a dud beacuse of all the hype and people patched beforehand?

--
---- Booth was a patriot ----
VGrep by salvorHardin · 2006-02-03 12:33 · Score: 2, Informative

Isn't this exactly what VGrep was designed to sort out?
Hurricane names? by serodores · 2006-02-03 13:00 · Score: 2, Insightful

Don't they already have a naming convention in place for hurricanes? The World Meteorological Organization has been doing this for years. Given the backing of CERT for vulnerability incident descriptions, details, and classifications, why can't they organize a unique naming convention already used for hurricanes?
Sure, they may run out of names, but they can reuse names as they do for hurricane names, with the exception of widespread popular hurricanes/worms/virii, which can be retired, just like some hurricane names.