Blackworm Dud Highlights Virus Naming Mess

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"

Why not assign every virus an ID number?

[l33t.g33k]

Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.

The naming confusion...

[undeadly]

... is intentional. It is due to companies trying "differensiate" themselves from the competition, and very little to do with increasing the security of their paying customers. Quite simply: it is marketing.

Re:Why not assign every virus an ID number?

[AKAImBatman]

Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..."

So, did you hear about virus #2451-23123.2134-A? I hear it's going to be a doozy! :-P

No headlines.

[IAAP]

It wouldn't be as attention grabbing.

What do you think sells more papers:

The "Cyber Herpes" virus is coming!

or, "5437B" is coming!

Virus Naming Conventions

[SilentOneNCW]

Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"

IVSC

[Randall311]

They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

My point is, who cares what it's named! A mass mailing worm is just that. Shouldn't matter if you call it "Blackworm" or "You got f'ed in the a". If it walks like a duck and talks like a duck...

Numbered Viruses

[conteXXt]

Oh boy this is a great idea.

Three genus(es?) = os

Microsoft
Linux
MAC

species = app
ie
etc...

phylum = number (increment)

now here is the kicker: Microsoft will have a canary.

as the numbers will hit the MAXINT for a 32bit OS

newscaster: "MSIE999999999999999 was found in the wild today"

producer: "mumble mumble"

newscaster: "sorry that was MSIE 10 to the power of 999999999999"
 

Re:I agree

[hey!]

Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.

com.symantec.virusdb.mydoom
com.symantic.virusdb.mydoom.variant1
com.symantic.virusdb.mydoom.variant2 ...

This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:

com.symantic.virusdb.mydoom==org.cert.virus.2004.1
com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2

Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.

Slightly OT

[TubeSteak]

Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

http://en.wikipedia.org/wiki/Sisyphus [wikipedia.org]
http://en.wikipedia.org/wiki/Tower_of_Babel [wikipedia.org]

To stay ontopic, here's the list of companies and the name they picked for this virus

Authentium: W32/Kapser.A@mm
AVIRA: Worm/KillAV.GR
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A

So who was calling it "Kama Sutra" ?

Re:Hej!

[Anonymous Coward]

Actually, it wasn't "spoken like a true native". The post below [slashdot.org] is absolutely correct, he forgot the accusative -n ending, and Esperanto should be capitalized (proper name). Better phrasings are also offered, but the minimal correction is, indeed, "Hej! Mi povas paroli Esperanton, you insensitive clod!".

Hurricane names?

[serodores]

Don't they already have a naming convention in place for hurricanes? The World Meteorological Organization has been doing this [wavehelp.com] for years. Given the backing of CERT [cert.org] for vulnerability incident descriptions, details, and classifications, why can't they organize a unique naming convention already used for hurricanes?

Sure, they may run out of names, but they can reuse names as they do for hurricane names, with the exception of widespread popular hurricanes/worms/virii, which can be retired [noaa.gov], just like some hurricane names.