Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blackworm Dud Highlights Virus Naming Mess

Posted by Zonk on from the virus-20313 dept.

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"

11 of 108 comments (clear)

  1. I agree by b4k3d+b34nz · · Score: 5, Funny

    They should have just had everyone call it the Sex for Gymnasts virus.

    --
    Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
    1. Re:I agree by hey! · · Score: 4, Insightful

      Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.

      com.symantec.virusdb.mydoom
      com.symantic.virusdb.mydoom.variant1
      com.symantic.virusdb.mydoom.variant2 ...

      This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:

      com.symantic.virusdb.mydoom==org.cert.virus.2004.1
      com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2

      Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Hej! by Krach42 · · Score: 5, Funny

    Hej! Mi povas paroli esperanto, you insensitive clod!

    --

    I am unamerican, and proud of it!
  3. Why not assign every virus an ID number? by l33t.g33k · · Score: 4, Insightful

    Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.

    --
    My sig is permanently on strike.
    1. Re:Why not assign every virus an ID number? by AKAImBatman · · Score: 4, Insightful

      Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..."

      So, did you hear about virus #2451-23123.2134-A? I hear it's going to be a doozy! :-P

      --
      Javascript + Nintendo DSi = DSiCade
    2. Re:Why not assign every virus an ID number? by MightyMartian · · Score: 4, Funny

      I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:Why not assign every virus an ID number? by Have+Blue · · Score: 5, Funny

      Better version:

      So this guy takes his girlfriend to an engineers' comedy club, but when the act starts, she's confused because the guy on stage is just shouting out numbers and getting laughs from the crowd each time. She asks what's so funny, and her boyfriend explains that they have indexed every joke in the world and assigned each one an ID number, so when he says a number he's telling that joke. This goes on for a while until the end, when the comedian shouts a certain number that really brings the house down, roaring, cheering, standing ovation, the works. The girl asks what was so funny about it. The boyfriend replies, "We've never heard that one before."

  4. Virus Naming Conventions by SilentOneNCW · · Score: 5, Insightful

    Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"

    --
    games journalism blog
  5. Re:The naming confusion... by Anonymous Coward · · Score: 4, Funny

    Virus names need to be more insulting to the creators. Some little script kidde is not going to be very proud to have written the "NeverKissedAGirl" virus.

  6. The problem with variants: cladisitics by G4from128k · · Score: 4, Interesting

    The problem is all the variants of a given malware. For most users, the signature of the payload is less meaningful than the subject line of the e-mail. A virus email that promises Kama Sutra pictures is "different" from one promising Miss Lebanon even if the underlying payload and behavior is identical.

    Perhaps AV experts need to use cladistics with a standardized set of feature dimensions. A cladogram of the virus varients and some threshold distance in feature-space would help segment similar and dissimilar malware.

    I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.

    --
    Two wrongs don't make a right, but three lefts do.
  7. Slightly OT by TubeSteak · · Score: 4, Insightful
    Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

    http://en.wikipedia.org/wiki/Sisyphus
    http://en.wikipedia.org/wiki/Tower_of_Babel

    To stay ontopic, here's the list of companies and the name they picked for this virus
    Authentium: W32/Kapser.A@mm
    AVIRA: Worm/KillAV.GR
    CA: Win32/Blackmal.F
    Fortinet: W32/Grew.A!wm
    F-Secure: Nyxem.E
    Grisoft: Worm/Generic.FX
    H+BEDV: Worm/KillAV.GR
    Kaspersky: Email-Worm.Win32.Nyxem.e
    McAfee: W32/MyWife.d@MM
    Microsoft: Win32/Mywife.E@mm
    Norman: W32/Small.KI
    Panda: W32/Tearec.A.worm
    Sophos: W32/Nyxem-D
    Symantec: W32.Blackmal.E@mm
    TrendMicro: WORM_GREW.A
    So who was calling it "Kama Sutra" ?
    --
    [Fuck Beta]
    o0t!