Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Government United States Politics

Blackworm Dud Highlights Virus Naming Mess 108

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"
This discussion has been archived. No new comments can be posted.

Blackworm Dud Highlights Virus Naming Mess

Comments Filter:
  • I agree (Score:5, Funny)

    by b4k3d b34nz ( 900066 ) on Friday February 03, 2006 @05:27PM (#14638338)

    They should have just had everyone call it the Sex for Gymnasts virus.

    • funny...
      Really, why not something like a hurricane naming system or such.
      Virus name is datecode+varient number or some such, big ones get named for the year or something?
      -nB
      • I've never heard that proposed, but that does make sense. I guess the problem is when you have so many variants, like with the MyDoom virus--it's harder to associate a number than a name in memory. I guess that wouldn't be a problem if it's just so that AV companies have a standard naming convention for the viruses, but it could get harder for people to remember what they have to look out for.

        • Re:I agree (Score:5, Insightful)

          by hey! ( 33014 ) on Friday February 03, 2006 @05:58PM (#14638609) Homepage Journal
          Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.

          com.symantec.virusdb.mydoom
          com.symantic.virusdb.mydoom.variant1
          com.symantic.virusdb.mydoom.variant2 ...

          This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:

          com.symantic.virusdb.mydoom==org.cert.virus.2004.1
          com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2

          Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.

    • Re:I agree (Score:2, Funny)

      by Debiant ( 254216 )
      What about 'Huge black worm between legs'? It summarises both suggested in a one sentence.
  • Hej! (Score:5, Funny)

    by Krach42 ( 227798 ) on Friday February 03, 2006 @05:28PM (#14638350) Homepage Journal
    Hej! Mi povas paroli esperanto, you insensitive clod!
    • Hej! Mi povas paroli esperanto, you insensitive clod!

      For those of you who want to make equally cliche and off-topic posts, here's a link. =P http://www.kafejo.com/lingvoj/auxlangs/eo/tradukil o/ [kafejo.com]
    • spoken like a true native...
      • Re:Hej! (Score:1, Insightful)

        by Anonymous Coward
        Actually, it wasn't "spoken like a true native". The post below [slashdot.org] is absolutely correct, he forgot the accusative -n ending, and Esperanto should be capitalized (proper name). Better phrasings are also offered, but the minimal correction is, indeed, "Hej! Mi povas paroli Esperanton, you insensitive clod!".
        • Re:Hej! (Score:1, Offtopic)

          by Krach42 ( 227798 )
          Actually, it wasn't "spoken like a true native". The post below is absolutely correct, he forgot the accusative -n ending, and Esperanto should be capitalized (proper name). Better phrasings are also offered, but the minimal correction is, indeed, "Hej! Mi povas paroli Esperanton, you insensitive clod!".

          Actually, I should have responded to this saying that I needed the accusative ending, or make it an adverb, I just didn't feel a need to, since it was just a joke.

          I personally learned "Mi povas paroli espera
  • by l33t.g33k ( 903780 ) on Friday February 03, 2006 @05:30PM (#14638369)
    Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.
  • by Anonymous Coward
    Thank God. Imagine if Kama Sutra hit hardly. That would put microsoft in an aquard position...:)
    • A few thoughts,

      The Karma Sutra issue, really there is nothing new about malware like this one. Every day I watch and monitor much worse threats. I feel this one was escalated by the back seat approach Microsoft has taken.

      On the M$ site it states that, 3rd party security vendors already have in place solutions to suppress the Karma Sutra threat. Also that they [ M$ ] will not break their patch cycle to address this problem, but.......if you have purchased additional support packages, you can get the patch
  • by undeadly ( 941339 ) on Friday February 03, 2006 @05:33PM (#14638392)
    ... is intentional. It is due to companies trying "differensiate" themselves from the competition, and very little to do with increasing the security of their paying customers. Quite simply: it is marketing.
    • by Anonymous Coward on Friday February 03, 2006 @05:48PM (#14638525)
      Virus names need to be more insulting to the creators. Some little script kidde is not going to be very proud to have written the "NeverKissedAGirl" virus.
    • It also allows the anti-virus companies to inflate their claims of how many threats they can stop. By listing the same one under every name it's known by, they make it look like they're even more protective than they are. Don't know if any of them actually do this, but it's certainly a possibility.
    • "Media Hype" + "Virus Name Variance" = "Consumer Dilemma"

      The names of viruses should be treated like tropical storms & hurricanes. With the new year the naming should start over at the letter A, then when the English alphabet is exhausted the names should be Greek... and so on. It makes sense to prevent confusion over the many vendors and their different naming conventions. Of course all of this would have been prevented if M$ decided to create an API that did not require so many privileges.

    • Yeah, nothing like spouting off how you were the only vendor to detect MyWife.c (because nobody else called the exact same virus something else.)
  • by Nom du Keyboard ( 633989 ) on Friday February 03, 2006 @05:34PM (#14638409)
    a new U.S.-government funded initiative to introduce some sanity into the virus-naming business.

    Wow (not WoW)! My tax dollars at work. I am so thrilled now!

    • Cyberspace is now considered to be a likely arena for future wars (or terrorism, or organized crime). Sure, the Kama Sutra worm seems trivial. But when a virus threatens to bring down a major part of the US economy, then a little investment in improved communication will pay off.
  • by SilentOneNCW ( 943611 ) <silentdragon@nosPAm.gmail.com> on Friday February 03, 2006 @05:38PM (#14638440) Homepage
    Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"
  • IVSC (Score:2, Insightful)

    by Randall311 ( 866824 )
    They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

    My point is, who cares what it's named! A mass mailing worm is just that. Shouldn't matter if you call it "Blackworm" or "You got f'ed in the a". If it walks like a duck and talks like a duck...
    • They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

      Standards are such a wonderful thing; there's so many to chose from.

  • I can't believe that is the best name the government can come up with. It sounds more like an STD than a computer virus.
  • by digitaldc ( 879047 ) * on Friday February 03, 2006 @05:48PM (#14638526)
    ...to see if they will promise to use only one name & abbreviation next time:


    'Latest Overhyped VIrus Threat' or 'LOVIT'
  • Numbered Viruses (Score:3, Insightful)

    by conteXXt ( 249905 ) on Friday February 03, 2006 @05:51PM (#14638547)
    Oh boy this is a great idea.

    Three genus(es?) = os

    Microsoft
    Linux
    MAC

    species = app
    ie
    etc...

    phylum = number (increment)

    now here is the kicker: Microsoft will have a canary.

    as the numbers will hit the MAXINT for a 32bit OS

    newscaster: "MSIE999999999999999 was found in the wild today"

    producer: "mumble mumble"

    newscaster: "sorry that was MSIE 10 to the power of 999999999999"
     
  • by G4from128k ( 686170 ) on Friday February 03, 2006 @05:54PM (#14638572)
    The problem is all the variants of a given malware. For most users, the signature of the payload is less meaningful than the subject line of the e-mail. A virus email that promises Kama Sutra pictures is "different" from one promising Miss Lebanon even if the underlying payload and behavior is identical.

    Perhaps AV experts need to use cladistics [wikipedia.org] with a standardized set of feature dimensions. A cladogram of the virus varients and some threshold distance in feature-space would help segment similar and dissimilar malware.

    I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.
  • by __aaclcg7560 ( 824291 ) on Friday February 03, 2006 @05:55PM (#14638578)
    Esperanto is now a virus? I hope it catches on quicker than it was as a language. Otherwise, it'll take 50 years to get anywhere.
  • Slightly OT (Score:5, Insightful)

    by TubeSteak ( 669689 ) on Friday February 03, 2006 @06:00PM (#14638618) Journal
    Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

    http://en.wikipedia.org/wiki/Sisyphus [wikipedia.org]
    http://en.wikipedia.org/wiki/Tower_of_Babel [wikipedia.org]

    To stay ontopic, here's the list of companies and the name they picked for this virus
    Authentium: W32/Kapser.A@mm
    AVIRA: Worm/KillAV.GR
    CA: Win32/Blackmal.F
    Fortinet: W32/Grew.A!wm
    F-Secure: Nyxem.E
    Grisoft: Worm/Generic.FX
    H+BEDV: Worm/KillAV.GR
    Kaspersky: Email-Worm.Win32.Nyxem.e
    McAfee: W32/MyWife.d@MM
    Microsoft: Win32/Mywife.E@mm
    Norman: W32/Small.KI
    Panda: W32/Tearec.A.worm
    Sophos: W32/Nyxem-D
    Symantec: W32.Blackmal.E@mm
    TrendMicro: WORM_GREW.A
    So who was calling it "Kama Sutra" ?
    • So who was calling it "Kama Sutra" ?

      That [sfgate.com] would [zdnet.com] be [go.com] the [wdef.com] news [technewsworld.com] media [theregister.co.uk]. You know, the all-knowing virus experts.

      And all the non-tech people see this in the news and think it's a big deal. They keep calling asking if we are being hit by it. Gee, I don't know. It's been out since January 17 and our definitions have been updated about 15 times since then. You haven't been opening email attachments from people you don't know claiming to be sending you porn, have you? No? Then I think we're safe.

      Come on people.

  • What a disappointment!! I was hoping for a day off from work, BUT NOOOOOOOOOOOOOO!!!!

    No crashing networks, no choked ISPs, my ping in SWG didn't even go up. What a waste of paranoid hysteria....

  • by Vellmont ( 569020 ) on Friday February 03, 2006 @06:21PM (#14638770) Homepage
    I'm sure the big Antivirus guys will resist tooth and nail any external change like the CME numbers. As the article says, they aren't the target for this naming scheme, the people who have to deal with these viruses (like a lot of us slashdotters) are the real people who benefit. With a common naming that us end users can agree on we can finally communicate about what virus is what, instead of having some giant table to translate all the time. People will still use the more common names in the press, etc.

    The CME number will be like the scientific name of a plant or animal. Specialized to a certain group, but entirely definitive. The antivirus vendors will all eventually have to start publishing a CME identifier with each virus so any administrator will know "what the hell virus is that?".
  • Cause or effect? (Score:3, Interesting)

    by nurb432 ( 527695 ) on Friday February 03, 2006 @06:38PM (#14638883) Homepage Journal
    Was it a dud beacuse it was nothing to worry about in the first place and the hype was overrated?

    or was it a dud beacuse of all the hype and people patched beforehand?
  • VGrep (Score:3, Informative)

    by salvorHardin ( 737162 ) <adwulf.gmail@com> on Friday February 03, 2006 @07:33PM (#14639176) Journal
    Isn't this exactly what VGrep [virusbtn.com] was designed to sort out?
  • Hurricane names? (Score:2, Insightful)

    by serodores ( 526546 )
    Don't they already have a naming convention in place for hurricanes? The World Meteorological Organization has been doing this [wavehelp.com] for years. Given the backing of CERT [cert.org] for vulnerability incident descriptions, details, and classifications, why can't they organize a unique naming convention already used for hurricanes?

    Sure, they may run out of names, but they can reuse names as they do for hurricane names, with the exception of widespread popular hurricanes/worms/virii, which can be retired [noaa.gov], just like some hu

  • The same reason we give everything names, to make it easier to remember.

    Can anyone rattle off the IP address for www.yahoo.com? (wait.. around here.. bad question...)

    But you get the point. We as humans name everything in order to keep better mental reference and remember it. They could have called it the Apple portable media player , but they came up with iPod. And people remember it.

    I think that here in the geek world we so commonly have to reference things by numbers that we forget that names are f

  • There's a naming convention for hurricanes, there ought to be one for viruses. My spouse's company was ready for this virus, had information posted for everyone on the intranet about it. Even other IT people were confused and after reading about the Kama Sutra virus here on Slashdot, wanted to know why there wasn't any information regarding that ("My Wife" may have been the name used in the initial security bulletin). If even other geeks are blowing a gasket, imagine the general public.

Never let someone who says it cannot be done interrupt the person who is doing it.

Working...