Slashdot Mirror
You Think Discovering a Computer Virus Is Hard? Try Naming One (wsj.com)
Like astronomers who discover new stars, security experts who first identify computer bugs, viruses, worms, ransomware and other coding catastrophes often get to name their finds. Such discoveries now number in the thousands each year, so crafting a standout moniker can be a serious challenge. From a report: Two years ago, German security firm SerNet GmbH figured a punchy name for their bug discovery would give the company a publicity jolt. They called it Badlock, designed a fractured-lock logo and set up a website. The marketing push backfired when some security experts decided Badlock wasn't that bad. Cynical hackers called it Sadlock. "We would not do this again," says SerNet Chief Executive Johannes Loxen of the branding blitz, which he says was overkill because a relatively small number of people were affected by Badlock. Hackers are no fans of marketing. They brand things in their own way. Puns and historic references are the name of the game. "They see it as a kind of grass-roots initiative," says Gabriella Coleman, an anthropologist who teaches courses on hacker culture at McGill University in Montreal.
Some venerable names that have stood the test of time: The Love Bug, for the worm that attacked millions of Windows personal computers in 2000, and Y2K, a turn-of-the-century programming scare that didn't live up to its hype. Many names tend more toward geekspeak. The title of hacker magazine 2600 is a tip of the hat to 2600 hertz, the frequency old-school hackers reproduced to trick AT&T phone lines into giving them free calls. Computer worm Conficker is an amalgam of "configure" and a German expletive. Code Red is named after the Mountain Dew drink researchers guzzled while investigating the worm.
Some venerable names that have stood the test of time: The Love Bug, for the worm that attacked millions of Windows personal computers in 2000, and Y2K, a turn-of-the-century programming scare that didn't live up to its hype. Many names tend more toward geekspeak. The title of hacker magazine 2600 is a tip of the hat to 2600 hertz, the frequency old-school hackers reproduced to trick AT&T phone lines into giving them free calls. Computer worm Conficker is an amalgam of "configure" and a German expletive. Code Red is named after the Mountain Dew drink researchers guzzled while investigating the worm.
That's the ex-wife cause she fucks up everything she touches.
and the solution is the probably the same, too
People, stop naming malware and, more importantly, vulnerabilities. This is just plain fucking dumb.
There you have it. A cool name that reflects something current and hip.
Just point at the first cash register you see today.
Unless something gets a big public profile or it is "interesting" in some other way, just refer to it by a "formulaic" name, such as the CVE that first mentions it.
Isn't that what brought the downfall of the weather channel? Naming winter storms?
Or just use the same list as they do for hurricanes.
See! Easy as heck!
See title. Because that's what was in the code of the virus.
Could be worse.
There were a _lot_ of effort trying to reduce the Y2K problem, it succeeded and now it was all hype. Yeah...
Agreed. At work we deal with new vulnerabilities daily. Tuesday, Microsoft released patches for maybe 70 vulnerabilities, as they do each month. CVEs are fine.
Heart bleed we reference often enough that it's useful to have a memorable name, rather than trying to remember the CVE. Though even in such cases, it might be more useful to use the category names such as "padding oracle" instead of saying "similar to Logjam". That reminds us that Logjam is only a very specific case of a general problem. You can easily re-create something almost exactly like Logjam if you think Logjam was the problem, rather than padding oracles generally.
It's not the name that counts, it's how many hospitals you shut down in the process.
Science advances one funeral at a time- Max Planck
Aphex Twin has albums full of tracks named shit like "PWSteal.Bancos.Q" and "Trojan.KillAV.E".
The problem is soulless corporate automatons cant create anything.
Do they have a vaccine for whatever made you so fucking stupid yet, or is science ignoring the problems in your life?
"How to create maximum stir about this here tiny thing we found that's really only interesting for the most determined byte diddlers?"
"Oh, I know! Let's think up some scary names!"
Yeah, like calling yourself "hackers" when you're nothing but pfy s'kiddies, in mind if not in glorious neckbearded visage.
Or just have an imagination. Naming things isn't difficult, it's extremely easy.
KB09182735, KB084322356, KB090172248, etc.
Or just use the same list as they do for hurricanes.
You're going to need a longer list.
"That's the way to do it" - Punch
Malware does need names, because that's how you find info about them online. Everything online needs to have a name.
,,,,
The name should not just be an invention, however. If possible, it should relate to the content or the detection profile of the virus. We're not naming Linux utilities here...
Some years ago a PC of mine got a virus called the "fuck you" virus. The reason it was called that was because a couple of the major files in it were named "win32_fuck_you.exe", or "fuck_you_wd153.d" or whatever. A virus scanner picked it up only after it had gotten in, and it showed the files named this way,,,, so that was all the info I had to go on.
When I went to look online for more info, only one major antivirus company even had a web page about it. All the others wouldn't allow the word "fuck" in their reports or their online forums, and so they had no information about it at all.
And when managing online forums, that is still pretty common practice today.
I'm surprised it's not more of a problem.
2018-0001
2018-0002
Etc...
Likewise...only take the 'up' out.
There are only two hard things in Computer Science: cache invalidation and naming things. -- Phil Karlton
See, that wasn't too hard.
WINDOWS
virusMcVirusii
hackedMcHackery
screwedMcScrewery
etcMcetc...
easy as pie!
huh?
> Hackers are no fans of marketing
What about Heartbleed, Meltdown, Spectre, Shellshock, and.... well, that's all I've got.
I'm not taking advice from a company whose best attempt at naming *themselves* is "SerNet GmbH". Four capital letters in two words, and there aren't even any vowels in that second one. How the hell am I supposed to pronounce that?
* I am aware of German corporate names. Though "GmbH" is still awkward, and as an American I've got no idea how to pronounce it.
The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
that was easy. I have more
OK, I admit there was alot of hype in 1999 about Y2K but there were alot of programmers working on it. We will just never know how bad it would have been if it was just left as is.
Yes, actually, we do, within some bounds. The hype was that power would go off, cars wouldn't start, and it would be the end of days. That was just plain stupid since critical real-time systems generally do not work with dates. If absolutely nothing had been fixed, billing and financial systems, in general, would have been pretty messed up. The recession might have hit eighteen months early and might have been deeper. But most modern technology would ride on through.
No Virus McF**ckface?
How about giving them soft girly names, or hugely denigrating names? Who wants fame for writing the 'I've got a little p£ni5' worm?
It wouldn't stop the issue, but if all discovered viruses were given derogatory names and a numerical identifier, such as 'Pathetic 1', it would be a low cost way of reducing the volume of viruses.