Blackworm Dud Highlights Virus Naming Mess
An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"
The problem with variants: cladistics (Score:5, Interesting)
Perhaps AV experts need to use cladistics [wikipedia.org] with a standardized set of feature dimensions. A cladogram of the virus variants and some threshold distance in feature-space would help segment similar and dissimilar malware.
I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.
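The thresholded feature-distance grouping suggested in the comment above, sketched as an added example that is not part of the original thread. The vendor labels, feature names and sample data are constructed for illustration, and Jaccard distance with single-linkage merging is one assumed choice of metric and method.

```python
from itertools import combinations

# Constructed sample data: vendor label -> set of observed behavioural features.
# Labels and feature names are hypothetical, for illustration only.
SAMPLES = {
    "vendorA/Blackworm":  {"mass_mailer", "share_spread", "disables_av", "overwrites_docs"},
    "vendorB/KamaSutra":  {"mass_mailer", "share_spread", "disables_av", "overwrites_docs", "packed"},
    "vendorC/Variant.X":  {"mass_mailer", "share_spread", "overwrites_docs", "packed"},
    "vendorA/OtherBot":   {"irc_c2", "keylogger", "packed"},
    "vendorB/OtherBot.B": {"irc_c2", "keylogger", "packed", "disables_av"},
}

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; 0.0 means identical feature sets."""
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)

def cluster(samples, threshold):
    """Single-linkage clustering: link any two samples within the threshold."""
    parent = {name: name for name in samples}

    def find(x):
        # Union-find root lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if jaccard_distance(samples[a], samples[b]) <= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    # The same data at three thresholds: too tight splits every variant,
    # too loose merges unrelated families into one.
    for t in (0.1, 0.3, 0.75):
        families = cluster(SAMPLES, threshold=t)
        print(f"threshold={t}: {len(families)} families")
        for i, family in enumerate(families, 1):
            print(f"  family-{i}: {', '.join(family)}")
```

The result depends heavily on the threshold and on which features are counted, which is where the spurious variants mentioned in the comment would do their damage.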
Standards start at the grassroots (Score:3, Interesting)
The CME number will be like the scientific name of a plant or animal. Specialized to a certain group, but entirely definitive. The antivirus vendors will all eventually have to start publishing a CME identifier with each virus so any administrator will know "what the hell virus is that?".
Re:Why not assign every virus an ID number? (Score:2, Interesting)
And, just like CVE, no one uses it. Go US Department of Homeland Security!
Cause or effect? (Score:3, Interesting)
Or was it a dud because of all the hype and people patched beforehand?