
Blackworm Dud Highlights Virus Naming Mess

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"
  • by G4from128k ( 686170 ) on Friday February 03, 2006 @06:54PM (#14638572)
    The problem is all the variants of a given malware. For most users, the signature of the payload is less meaningful than the subject line of the e-mail. A virus email that promises Kama Sutra pictures is "different" from one promising Miss Lebanon even if the underlying payload and behavior are identical.

    Perhaps AV experts need to use cladistics [wikipedia.org] with a standardized set of feature dimensions. A cladogram of the virus variants and some threshold distance in feature-space would help segment similar and dissimilar malware.

    I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.
  • by Vellmont ( 569020 ) on Friday February 03, 2006 @07:21PM (#14638770) Homepage
    I'm sure the big Antivirus guys will resist tooth and nail any external change like the CME numbers. As the article says, they aren't the target for this naming scheme, the people who have to deal with these viruses (like a lot of us slashdotters) are the real people who benefit. With a common naming that us end users can agree on we can finally communicate about what virus is what, instead of having some giant table to translate all the time. People will still use the more common names in the press, etc.

    The CME number will be like the scientific name of a plant or animal. Specialized to a certain group, but entirely definitive. The antivirus vendors will all eventually have to start publishing a CME identifier with each virus so any administrator will know "what the hell virus is that?".
  • by Anonymous Coward on Friday February 03, 2006 @07:28PM (#14638813)
    Interestingly enough, they did. Replace the V with an M, and you get Common Malware Enumeration [mitre.org].

    And, just like CVE, no one uses it. Go US Department of Homeland Security!
  • Cause or effect? (Score:3, Interesting)

    by nurb432 ( 527695 ) on Friday February 03, 2006 @07:38PM (#14638883) Homepage Journal
    Was it a dud because it was nothing to worry about in the first place and the hype was overrated?

    Or was it a dud because of all the hype and people patched beforehand?
