Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blackworm Dud Highlights Virus Naming Mess

Zonk posted more than 8 years ago | from the virus-20313 dept.

Security 108

An anonymous reader writes "Washingtonpost.com is running a story that looks at the total mess that the anti-virus companies made in naming the latest overhyped virus threat. According to the article, 'Blackworm' or the 'Kama Sutra worm' was the first major test of a new U.S.-government funded initiative to introduce some sanity into the virus-naming business. From the article: 'For most of [the antivirus vendors], this is like Esperanto: You can speak it if you want to, but everyone else is going to carry on babbling in their own native tongue, so it doesn't really matter.'"

cancel ×

108 comments

Sorry! There are no comments related to the filter you selected.

I agree (5, Funny)

b4k3d b34nz (900066) | more than 8 years ago | (#14638338)

They should have just had everyone call it the Sex for Gymnasts virus.

Re:I agree (1)

networkBoy (774728) | more than 8 years ago | (#14638372)

funny...
Really, why not something like a hurricane naming system or such.
Virus name is datecode+varient number or some such, big ones get named for the year or something?
-nB

Re:I agree (1)

b4k3d b34nz (900066) | more than 8 years ago | (#14638439)

I've never heard that proposed, but that does make sense. I guess the problem is when you have so many variants, like with the MyDoom virus--it's harder to associate a number than a name in memory. I guess that wouldn't be a problem if it's just so that AV companies have a standard naming convention for the viruses, but it could get harder for people to remember what they have to look out for.

Re:I agree (4, Insightful)

hey! (33014) | more than 8 years ago | (#14638609)

Well, it seems to me that you just need to use some kind of hierarchical naming scheme, e.g.

com.symantec.virusdb.mydoom
com.symantic.virusdb.mydoom.variant1
com.symantic.virusdb.mydoom.variant2 ...

This allows the vendors to respond quickly. Then each vendor can also maintain a "thesaurus" of equivalents with other naming authorities,e.g.:

com.symantic.virusdb.mydoom==org.cert.virus.2004.1
com.symantic.virusdb.mydoom.variant1==org.cert.vir us.2004.1.2

Then Symantec reports that you have com.symantic.virusdb.mydoom.variant2, you can check their thesaurus; if you don't find the exact variant, you could still figure out its a form of org.cert.virus.2004.1 that hasn't been named by that authority.

Re:I agree (0)

Anonymous Coward | more than 8 years ago | (#14638807)

you guys are such nerds

Re:I agree (1)

hey! (33014) | more than 8 years ago | (#14641145)

you guys are such nerds

Thank you.

Re:I agree (1)

netcrusher88 (743318) | more than 8 years ago | (#14640933)

Hey, he's hit on something. If viruses would just comform to Java, they'd slow down to the point of being created after the patch has been released!

Re:I agree (1)

blackest_k (761565) | more than 8 years ago | (#14641270)

I see your point, however I could see people confusing the virus with the antivirus company.

The AV companys might just see that as a negative.

Re:I agree (2, Funny)

Debiant (254216) | more than 8 years ago | (#14638400)

What about 'Huge black worm between legs'? It summarises both suggested in a one sentence.

Hej! (5, Funny)

Krach42 (227798) | more than 8 years ago | (#14638350)

Hej! Mi povas paroli esperanto, you insensitive clod!

Re:Hej! (1)

heatdeath (217147) | more than 8 years ago | (#14638395)

Hej! Mi povas paroli esperanto, you insensitive clod!

For those of you who want to make equally cliche and off-topic posts, here's a link. =P http://www.kafejo.com/lingvoj/auxlangs/eo/tradukil o/ [kafejo.com]

Re:Hej! (1)

Cro Magnon (467622) | more than 8 years ago | (#14638481)

Dankon. Mi ne memori kiel al diri "LoL" en Esperanton.

Thanks. I didn't remember how to say "LoL" in Esperanto.

Re:Hej! (1)

Krach42 (227798) | more than 8 years ago | (#14638562)

Dankon. Mi ne memori kiel al diri "LoL" en Esperanton.

Awesome, even with such a spectacularly easy language as Esperanto, a machine translator screws it up hard.

"Dankon. Mi ne memoris kiel diri 'LoL' esperante."

Re:Hej! (1)

Tony Hoyle (11698) | more than 8 years ago | (#14639260)

Mi ne estos aeti i tiu rekordo, estas gratita.

(http://lingvo.org/traduku/ [lingvo.org] is better... handles sentences).

Re:Hej! (1)

pilgrim23 (716938) | more than 8 years ago | (#14638478)

spoken like a true native...

Re:Hej! (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14639069)

Actually, it wasn't "spoken like a true native". The post below [slashdot.org] is absolutely correct, he forgot the accusative -n ending, and Esperanto should be capitalized (proper name). Better phrasings are also offered, but the minimal correction is, indeed, "Hej! Mi povas paroli Esperanton, you insensitive clod!".

Re:Hej! (0, Offtopic)

Krach42 (227798) | more than 8 years ago | (#14639212)

Actually, it wasn't "spoken like a true native". The post below is absolutely correct, he forgot the accusative -n ending, and Esperanto should be capitalized (proper name). Better phrasings are also offered, but the minimal correction is, indeed, "Hej! Mi povas paroli Esperanton, you insensitive clod!".

Actually, I should have responded to this saying that I needed the accusative ending, or make it an adverb, I just didn't feel a need to, since it was just a joke.

I personally learned "Mi povas paroli esperante." (without capitalization, because it's no longer a proper noun, but an adverb.)

Capitalization rules are iffy at best in Esperanto anyways, as the various derivative languages use vastly different rules. English uses it for all proper nouns and derivatives, German only uses it for all nouns but not their other part-of-speech derivatives, and romance languages generally (as far as my understanding goes) capitalize proper nouns only while nouns, but not their other part-of-speech derivatives.

Either way, I concede that my grammar was wrong, but my capitalization is a trivial, and generally irrelavent point to complain about in an international auxillary language.

Re:Hej! (0)

Anonymous Coward | more than 8 years ago | (#14638996)

Hej! Mi povas paroli esperanto, you insensitive clod!

No gxustas. Esperanto estas propra nomo, do gxi cxiam havas majusklon. Vi ankaux forgesis akuzativon. Pli bone:

Hej! Mi povas paroli Esperanton
Hej! Mi povas paroli en Esperanto
Hej! Mi povas paroli Esperante
Hej! Mi povas paroli Esperantlingve

Aux pli mallonge:

Hej! Mi scipovas Esperanton.

Re:Hej! (1)

Krach42 (227798) | more than 8 years ago | (#14639055)

Yeah, I realize it was wrong just after I posted it. I realized, i needed to make it accusative or adverbal, but I can't go back and edit it now.

As for capitalization, "esperante" wouldn't be capitalized in my opinion, it's an adverb, and no longer a proper noun.

Generally as I've had the understanding that the rules of capitalization in Esperanto are liberal, and deemed "insigificant" since they carry little actual intentional meaning, and rules of capitalization vary significantly across all the derivative languages.

Why not assign every virus an ID number? (4, Insightful)

l33t.g33k (903780) | more than 8 years ago | (#14638369)

Really, I think this would simplify things a bit. Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number that their anti-virus software reports, and be able get whatever info they need about the virus. The current naming conventions are very confusing for some people.

Re:Why not assign every virus an ID number? (1)

networkBoy (774728) | more than 8 years ago | (#14638394)

Seems we had the smae idea at the same time...

This by far makes the most sense. A central dB and work from that. A way to track linages, inherent in the naming schema would be good.
-nB

Re:Why not assign every virus an ID number? (4, Insightful)

AKAImBatman (238306) | more than 8 years ago | (#14638406)

Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..."

So, did you hear about virus #2451-23123.2134-A? I hear it's going to be a doozy! :-P

Re:Why not assign every virus an ID number? (5, Funny)

Have Blue (616) | more than 8 years ago | (#14638748)

Better version:

So this guy takes his girlfriend to an engineers' comedy club, but when the act starts, she's confused because the guy on stage is just shouting out numbers and getting laughs from the crowd each time. She asks what's so funny, and her boyfriend explains that they have indexed every joke in the world and assigned each one an ID number, so when he says a number he's telling that joke. This goes on for a while until the end, when the comedian shouts a certain number that really brings the house down, roaring, cheering, standing ovation, the works. The girl asks what was so funny about it. The boyfriend replies, "We've never heard that one before."

Re:Why not assign every virus an ID number? (1)

PhunkySchtuff (208108) | more than 8 years ago | (#14639616)

It's not a MacBook Pro, it's not a PowerBook as there's no PPC in it, so it's a CentrinoBook

Re:Why not assign every virus an ID number? (1)

John Nowak (872479) | more than 8 years ago | (#14640280)

They were called PowerBooks long before they used PPC processors, but keep trying.

Re:Why not assign every virus an ID number? (1)

hotdiggitydawg (881316) | more than 8 years ago | (#14639111)

Three comedians are shooting the breeze at the back of a nightclub after a late gig. They've heard one another's material so much, they've reached the point where they don't need to say the jokes anymore to amuse each other - they just need to refer to each joke by a number. "Number 37!" cracks the first comic, and the others break up. ""Number 53!" says the second guy, and they howl. Finally, it's the third comic's turn. "44!" he quips. He gets nothing. Crickets. "What?" he asks, "Isn't 44 funny?" "Sure, it's usually hilarious," they answer. "But the way you tell it..." ...and then a heckler from the crowd pipes up and shouts "258", and the comics start pissing themselves with laughter. Eventually one calms down enough to respond "That's brilliant, we haven't heard that one before"...

No headlines. (2, Insightful)

IAAP (937607) | more than 8 years ago | (#14638417)

It wouldn't be as attention grabbing.

What do you think sells more papers:

The "Cyber Herpes" virus is coming!

or, "5437B" is coming!

Re:No headlines. (0)

Anonymous Coward | more than 8 years ago | (#14638488)

5437B could sell more papers, because it makes less sense. :-)

Re:No headlines. (1)

Skater (41976) | more than 8 years ago | (#14639455)

It worked for species 8472!

Re:Why not assign every virus an ID number? (3, Informative)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14638490)

Assign every virus an ID number. Then, people could search a CENTRAL database by typing in the ID number

They did that. Its called the CME, or Common Malware Enumeration number. Blackworm was long ago numbered CME-24. The problem is the press does not generally include this number in their press releases and instead uses one of the many names different companies come up with. Also, most end-user anti-virus programs haven't bothered to include CME's in the user visible parts of their applications.

Re:Why not assign every virus an ID number? (0)

Anonymous Coward | more than 8 years ago | (#14638868)

The problem is the press does not generally include this number in their press releases

Give it time. The CME numbers are very new; they are only up to number 24!

CME is one name for every malware. (1)

Futurepower(R) (558542) | more than 8 years ago | (#14639139)

Common Malware Enumeration (CME) [mitre.org] explanation.

CME List [mitre.org] , which has numbers above 900.

--
Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?

Re:Why not assign every virus an ID number? (1)

mortonda (5175) | more than 8 years ago | (#14638993)

So the next question is, why hasn't SLASHDOT used this yet? If the geek website doesn't get it right, you expect the regular news media to get it right?

Re:Why not assign every virus an ID number? (1)

Anonymous Coward | more than 8 years ago | (#14639171)

It will take time for the media to catch on. The media (and us) like sexy names (excuse the pun) like the kama sutra worm. The in-betweeners like Tim Baharin and Larry Magid need to push this on the media and then people about this new system so people can be use the common term. But like most human being they will refer the "sexy" name that an compary decides to name the malware.

Re:Why not assign every virus an ID number? (1)

NickBilo (833712) | more than 8 years ago | (#14639269)

CME is only for high-profile outbreaks. It is impossible to assign an ID for EVERY virus, because there is nobody has/knows about every virus. In fact antivirus companies are reluctant to share more than a few virus samples with each other, let alone US Government (who runs CME program). And then like the poster above said, even if they had all been numbered, media will still call them "Sex and Rock'n'Roll virus on the loose".

Re:Why not assign every virus an ID number? (1)

phraktyl (92649) | more than 8 years ago | (#14638507)

Use something like the CVE [mitre.org] , or Common Vulnerabilities and Exposures list over at Mitre [mitre.org] .

Re:Why not assign every virus an ID number? (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14638813)

Interestingly enough, they did. Replace the V with and M, and you get Common Malware Enumeration [mitre.org] .

And, just like CVE, no one uses it. Go US Department of Homeland Security!

Re:Why not assign every virus an ID number? (4, Funny)

MightyMartian (840721) | more than 8 years ago | (#14638512)

I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...

Re:Why not assign every virus an ID number? (2, Funny)

TubeSteak (669689) | more than 8 years ago | (#14638667)

Assuming you just keep tacking on letters, one day you'll get a virus named DontopeneveryfuckingemailyoufuckingretardNOT

Re:Why not assign every virus an ID number? (0, Offtopic)

just_another_sean (919159) | more than 8 years ago | (#14638691)

Funny? Mod parent *Insightful*!

Re:Why not assign every virus an ID number? (2, Funny)

Mathness (145187) | more than 8 years ago | (#14639144)

I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...

I see your point, but I don't think long, and hard to pronounce, Finnish words is they way to go.

To you out there who doesn't understand Finnish, the words can roughly be tranlated to (I am a little rusty at this, so excuse any errors):
I am a fricking virus/worm with a laser attached to my head, so don't fricking read this email.

Re:Why not assign every virus an ID number? (1)

jimfulton (204820) | more than 8 years ago | (#14640329)

Or get out of the 90s and run Desktop DMZ software so that you can go ahead and open every f*g email without ever worrying about it.

I don't get it... (1)

MacDork (560499) | more than 8 years ago | (#14640514)

DontopeneveryfuckingemailyoufuckingretardA

What's the point of email if you can't open your email?

Re:Why not assign every virus an ID number? (1)

TPS Report (632684) | more than 8 years ago | (#14640813)

I think they should just name them DontopeneveryfuckingemailyoufuckingretardA, DontopeneveryfuckingemailyoufuckingretardB, DontopeneveryfuckingemailyoufuckingretardC and so on...
Donto pen every FUC king E mail you FUC king reta RDB? A little help here? I don't get it. :)

Oy (1)

nightsweat (604367) | more than 8 years ago | (#14638600)

Aaaaaaaand THIS is why geeks should never work in marketing (just as marketers should never make tech decisions.

Are you going to get the public to take a nerd warning about "m71.4445876.EU.1393" or one called "CreditRatingRaper" more seriously?

You should HAVE a more stable designator, but get the companies to agree on a popular name also, maybe by letting them name the biggies round-robin style.

Re:Why not assign every virus an ID number? (1)

ajs (35943) | more than 8 years ago | (#14638706)

I think it would be best to use the WHIRLPOOL hash of the virus.

I think my machine has been hit by B97DE512E91E3828B40D2B0FDCE9CEB3C4A71F9BEA8D88E75C 4FA854DF36725F
D2B52EB6544EDCACD6F8BEDDFEA403CB55AE31F03AD62A5EF5 4E42EE82C3FB35
, can anyone tell me what I should do?

Re:Why not assign every virus an ID number? (1)

jZnat (793348) | more than 8 years ago | (#14639236)

Better yet, give it a GUID! We have plenty left to go around for a long time! Let's use some a little bit faster.

Re:Why not assign every virus an ID number? (1)

The_Wilschon (782534) | more than 8 years ago | (#14640000)

The government could even issue national virus ID cards, with RFID tags in them!

Kama Sutra Worm Hits Softly (2, Funny)

Anonymous Coward | more than 8 years ago | (#14638379)

Thank God. Imagine if Kama Sutra hit hardly. That would put microsoft in an aquard position...:)

Re:Kama Sutra Worm Hits Softly (0)

Anonymous Coward | more than 8 years ago | (#14639925)

What is this "aquard" position?
I only know of awkward positions.

Re:Kama Sutra Worm Hits Softly (1)

ScrappyLaptop (733753) | more than 8 years ago | (#14640423)

...You obviously haven't read the Kama Sutra, then. The awkward positions are only good in porn. Try the aquard, you'll like it and your partner will LOVE it!

Re:Kama Sutra Worm Hits Softly (1)

comgen (802337) | more than 8 years ago | (#14640799)

A few thoughts,

The Karma Sutra issue, really there is nothing new about malware like this one. Every day I watch and monitor much worse threats. I feel this one was escalated by the back seat approach Microsoft has taken.

On the M$ site it states that, 3rd party security vendors already have in place solutions to suppress the Karma Sutra threat. Also that they [ M$ ] will not break their patch cycle to address this problem, but.......if you have purchased additional support packages, you can get the patch in advance. They acknowledge the problem, that they have in place the patch already....but the average end-user must wait for the next patch day. Or fork out more cash M$'s way [ Still scratching my head on that one ].

I have one question for M$

" When are you going to allow 3rd party vendors [ security ] to release their own version(s) of the M$ OS [ Windows ] ???? "

I would have zero problems handing over cash to any 3rd party that could offer a secure version of XP. Especially, when it seems that M$ doesn't feel that the every day users of their products are important. It is rather puzzling....3rd party vendors address and watch out for M$'s customers when they don't. Yes, Anti-Virus companies make money by providing computer security and solutions. That's not the real issue at hand, the real issue is the lack of responsibility M$ seems to take for their own products.

An ex-programmer for a rather ' large ' OS provider once told me. " Microsoft and their products are one of only a few services offered that people will accept fault and flaws in, and always return to.....and to boot, they continue to shell out big bucks, not only in the price of the OS, but also in 3rd party technical services that clean and repair their systems of viruses".

I'm not in any way anti Microsoft, I do however feel that they need to ' FIX ' their products, provide more information to the general public about the harm Windows for example can cause [ think big tobacco and the Surgeon General Warning ]. Provide equal product care to all, and again FIX your product(s).

With Karma Sutra the public was made aware of an issue that could have been worse. That is if 3rd party vendors had not provided security solutions for Microsoft and their customers.
I do not feel M$ will ever FIX their product(s), nor will they take responsibility for their flaws, so maybe we need to look else where for a middle ground. One where M$ can continue to produce and sell ' snake oil ' and the customer has enough heads up to purchase/seek if needed extra 3rd party product protection.
How ? , one way is the main stream news media, here in the USA we have Amber alerts, emergency weather, etc. notices on both tv and radio. I suppose they could include Windows security alerts also ? and I would encourage malware writers to include document trashing in all of their code. It seems to wake people up when they hear that their documents and pictures are at risk !!!

Google (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14638389)

What's going on with Google? It's been down now for several minutes.

The naming confusion... (3, Insightful)

undeadly (941339) | more than 8 years ago | (#14638392)

... is intentional. It is due to companies trying "differensiate" themselves from the competition, and very little to do with increasing the security of their paying customers. Quite simply: it is marketing.

Re:The naming confusion... (4, Funny)

Anonymous Coward | more than 8 years ago | (#14638525)

Virus names need to be more insulting to the creators. Some little script kidde is not going to be very proud to have written the "NeverKissedAGirl" virus.

Re:The naming confusion... (1)

techno-vampire (666512) | more than 8 years ago | (#14638738)

It also allows the anti-virus companies to inflate their claims of how many threats they can stop. By listing the same one under every name it's known by, they make it look like they're even more protective than they are. Don't know if any of them actually do this, but it's certainly a possibility.

Re:The naming confusion... (1)

rabeldable (851423) | more than 8 years ago | (#14638842)

"Media Hype" + "Virus Name Variance" = "Consumer Dilemma"

The names of viruses should be treated like tropical storms & hurricanes. With the new year the naming should start over at the letter A, then when the English alphabet is exhausted the names should be Greek... and so on. It makes sense to prevent confusion over the many vendors and their different naming conventions. Of course all of this would have been prevented if M$ decided to create an API that did not require so many privileges.

Re:The naming confusion... (1)

k12linux (627320) | more than 8 years ago | (#14638896)

Yeah, nothing like spouting off how you were the only vendor to detect MyWife.c (because nobody else called the exact same virus something else.)

Confuse the general public? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14638405)

Is that even possible? In other news, the terror alert level has be elevated to Blackwatch Plaid.

Re:Confuse the general public? (0)

Anonymous Coward | more than 8 years ago | (#14638965)

And a very nice tartan that is too!

Total Mess + Government? (0, Troll)

dada21 (163177) | more than 8 years ago | (#14638407)

They got most of the article right, but it isn't Total Mess + Government = ???. It's Total Mess = Government. I guess that's all the article really needed to say.

Honestly, most of us use just one anti-virus application. They're all pretty much equal on what viruses they detect, and the entire Kama Sutra situation called for one simple procedure: "There's a virus possibly hitting Friday, so make sure you update your anti-virus." There really isn't much need to name the virus the same across all AV apps or even countries or any of that, just warn people, use the name you think is decent, and get them to update their AV files.

Re:Total Mess + Government? (0)

Anonymous Coward | more than 8 years ago | (#14639279)

It's Total Mess = Government. I guess that's all the article really needed to say.

Nice try, but you're full of shit, Dada21, as usual.

Anti-virus companies / corporations have created a naming mess by trying to differentiate themselves.

Government tries to instill some order by creating a naming scheme, and it's their fault it's a mess?

You're obviously a totally partisian hack who ought to fuck off and grow up.

$$$ @ Work (2)

Nom du Keyboard (633989) | more than 8 years ago | (#14638409)

a new U.S.-government funded initiative to introduce some sanity into the virus-naming business.

Wow (not WoW)! My tax dollars at work. I am so thrilled now!

Yes, $$$ @ Work (1)

AlpineR (32307) | more than 8 years ago | (#14641738)

Cyberspace is now considered to be a likely arena for future wars (or terrorism, or organized crime). Sure, the Kama Sutra worm seems trivial. But when a virus threatens to bring down a major part of the US economy, then a little investment in improved communication will pay off.

Virus Naming Conventions (5, Insightful)

SilentOneNCW (943611) | more than 8 years ago | (#14638440)

Assigning viruses numbers is an interesting idea, making tracking viruses easier in some ways, but much harder in others. For example, one couldn't say on the Nightly News: "Virus #34932423 has recently stricken the Internet, destroying the International Llama Foundation's forums and redirecting all Google search results to the federal government. Watch out, folks, #34932423 is a real nasty!" If the authorities do not name viruses, they will be given names by the common people to make communication easier. Much better to have an organization give each virus a name that has some chance of making sense, rather than having the masses choose a name that may or may make any sense, i.e. "the blue screen of death virus has hit again!"

Re:Virus Naming Conventions (0)

Anonymous Coward | more than 8 years ago | (#14638494)

#14638440, I don't understand what you mean.

Re:Virus Naming Conventions (1)

greenegg77 (718749) | more than 8 years ago | (#14638818)

No! Not the International Llama Foundation forums! Where am I going to get my quality Llama pron from now?

Re:Virus Naming Conventions (0)

Anonymous Coward | more than 8 years ago | (#14638854)

I prefer midget llama porn myself.

Re:Virus Naming Conventions (1)

ilyanep (823855) | more than 8 years ago | (#14639400)

People are Homo sapiens and yet we call them people. We have multiple names for some animals. Why not do the same for Viri?

Universal # NOT A PROBLEM! (1)

Temujin_12 (832986) | more than 8 years ago | (#14640210)

Why does everyone insist that using a universal numbering system will suddenly prevent anyone from referring to the virus as anything but that universal number? How many of you have used an ISBN number for a book and found very convenient? Did you then go around to all of your friends and say, "Wow I just bought 0-672-32308-7. It was great!"?

Having some sort of universal numbering system does not remove the need for normal names and titles. It just provides an authoritative convension that can be relied upon on a technical level.

IVSC (2, Insightful)

Randall311 (866824) | more than 8 years ago | (#14638449)

They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

My point is, who cares what it's named! A mass mailing worm is just that. Shouldn't matter if you call it "Blackworm" or "You got f'ed in the a". If it walks like a duck and talks like a duck...

Re:IVSC (1)

techno-vampire (666512) | more than 8 years ago | (#14638757)

They should have an International Virus Standards Committee, so that we can waste lots of time and money deciding what the next virus should be named...

Standards are such a wonderful thing; there's so many to chose from.

Re:IVSC (0)

Anonymous Coward | more than 8 years ago | (#14638940)

My point is, who cares what it's named! A mass mailing worm is just that. Shouldn't matter if you call it "Blackworm" or "You got f'ed in the a". If it walks like a duck and talks like a duck...

Yep, we don't want to spoil the fun.

Like Java depricated and depreciated we could have Blackworm and Blickworm.

computer virus or STD? (1)

stringycheese (949470) | more than 8 years ago | (#14638503)

I can't believe that is the best name the government can come up with. It sounds more like an STD than a computer virus.

Let's ask the Anti-Virus Companies... (3, Funny)

digitaldc (879047) | more than 8 years ago | (#14638526)

...to see if they will promise to use only one name & abbreviation next time:


'Latest Overhyped VIrus Threat' or 'LOVIT'

Numbered Viruses (2, Insightful)

conteXXt (249905) | more than 8 years ago | (#14638547)

Oh boy this is a great idea.

Three genus(es?) = os

Microsoft
Linux
MAC

species = app
ie
etc...

phylum = number (increment)

now here is the kicker: Microsoft will have a canary.

as the numbers will hit the MAXINT for a 32bit OS

newscaster: "MSIE999999999999999 was found in the wild today"

producer: "mumble mumble"

newscaster: "sorry that was MSIE 10 to the power of 999999999999"
 

Re:Numbered Viruses (0)

Anonymous Coward | more than 8 years ago | (#14640330)

FYI, if you're talking about the operating system, it's "Mac", short for "Macintosh". It's not a fucking acronym.

And your post made no sense whatsoever.

silly (1)

josepuerto (951665) | more than 8 years ago | (#14638558)

i think it's an absolutely silly name. they should hire more creative minds to come up with these names...

Re:silly (1)

MightyMartian (840721) | more than 8 years ago | (#14638598)

I hear Karl Rove might be looking for a job soon.

Re:silly (1)

josepuerto (951665) | more than 8 years ago | (#14638718)

haha! and scooter libby, too!

Re:silly (1)

ARRRLovin (807926) | more than 8 years ago | (#14638751)

"I hear Karl Rove might be looking for a job soon."

As an agent in the Matrix?

The problem with variants: cladisitics (4, Interesting)

G4from128k (686170) | more than 8 years ago | (#14638572)

The problem is all the variants of a given malware. For most users, the signature of the payload is less meaningful than the subject line of the e-mail. A virus email that promises Kama Sutra pictures is "different" from one promising Miss Lebanon even if the underlying payload and behavior is identical.

Perhaps AV experts need to use cladistics [wikipedia.org] with a standardized set of feature dimensions. A cladogram of the virus varients and some threshold distance in feature-space would help segment similar and dissimilar malware.

I actually don't hold out much hope for this because malware is an adaptive threat. Malware creators might (and do) easily take steps to obfuscate their warez -- creating spurious variants for the express purpose of confusing AV software, news reporting, and users. The more variants that appear, the harder it is to counter the threat.

The language is now a virus... (3, Informative)

creimer (824291) | more than 8 years ago | (#14638578)

Esperanto is now a virus? I hope it catches on quicker than it was as a language. Otherwise, it'll take 50 years to get anywhere.

Re:The language is now a virus... (1)

JahToasted (517101) | more than 8 years ago | (#14640041)

even then it'll only affect three computers at the UN.

Slightly OT (4, Insightful)

TubeSteak (669689) | more than 8 years ago | (#14638618)

Even though the article comes from blogs.washingtonpost.com, they threw in links to Wikipedia :O)

http://en.wikipedia.org/wiki/Sisyphus [wikipedia.org]
http://en.wikipedia.org/wiki/Tower_of_Babel [wikipedia.org]

To stay ontopic, here's the list of companies and the name they picked for this virus
Authentium: W32/Kapser.A@mm
AVIRA: Worm/KillAV.GR
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A
So who was calling it "Kama Sutra" ?

Re:Slightly OT (0)

Anonymous Coward | more than 8 years ago | (#14638784)

Subject lines used in the malicious emails include the following:

            *Hot Movie*
            Arab sex DSC-00465.jpg
            Fuckin Kama Sutra pics
            Fw: SeX.mpg
            Fwd: Crazy illegal Sex!
            give me a kiss
            Miss Lebanon 2006
            Part 1 of 6 Video clipe
            School girl fantasies gone bad
            The Best Videoclip Ever

Re:Slightly OT (1)

fdiskne1 (219834) | more than 8 years ago | (#14641294)

So who was calling it "Kama Sutra" ?

That [sfgate.com] would [zdnet.com] be [go.com] the [wdef.com] news [technewsworld.com] media [theregister.co.uk] . You know, the all-knowing virus experts.

And all the non-tech people see this in the news and think it's a big deal. They keep calling asking if we are being hit by it. Gee, I don't know. It's been out since January 17 and our definitions have been updated about 15 times since then. You haven't been opening email attachments from people you don't know claiming to be sending you porn, have you? No? Then I think we're safe.

Come on people. Listen to those who know about what you are reporting. I had the same *&%$ happen a few weeks ago with the WMF flaw. Someone who thought they knew about security sent an email to everyone in the company telling them about a flaw that our systems were protected against anyway. This was after he sent a draft of the email to me to review to make sure he had the facts straight. I advised him to not send it at all. He sent it anyway. All this is just crying wolf. Some day there will be something we need people to be aware of and they will ignore us because of all the false alarms in the past.

Hoping for a "snow" day... (1)

finelinebob (635638) | more than 8 years ago | (#14638740)

What a disappointment!! I was hoping for a day off from work, BUT NOOOOOOOOOOOOOO!!!!

No crashing networks, no choked ISPs, my ping in SWG didn't even go up. What a waste of paranoid hysteria....

Obvious... (-1, Flamebait)

Skiron (735617) | more than 8 years ago | (#14638769)

Why not just call them all 'Microsoft'. Then every week on a Tuesday all the AV people need to do is issue a 'Microsoft' warning - UPDATE now to stop Microsoft.

Then harry homeowner would do it faultlessly [OK].

Standards start at the grassroots (2, Interesting)

Vellmont (569020) | more than 8 years ago | (#14638770)

I'm sure the big Antivirus guys will resist tooth and nail any external change like the CME numbers. As the article says, they aren't the target for this naming scheme, the people who have to deal with these viruses (like a lot of us slashdotters) are the real people who benefit. With a common naming that us end users can agree on we can finally communicate about what virus is what, instead of having some giant table to translate all the time. People will still use the more common names in the press, etc.

The CME number will be like the scientific name of a plant or animal. Specialized to a certain group, but entirely definitive. The antivirus vendors will all eventually have to start publishing a CME identifier with each virus so any administrator will know "what the hell virus is that?".

You forgot one froggy spot (0)

Anonymous Coward | more than 8 years ago | (#14638865)

The French will still want to make up their own name. They did for Email.

Cause or effect? (2, Interesting)

nurb432 (527695) | more than 8 years ago | (#14638883)

Was it a dud beacuse it was nothing to worry about in the first place and the hype was overrated?

or was it a dud beacuse of all the hype and people patched beforehand?

VGrep (2, Informative)

salvorHardin (737162) | more than 8 years ago | (#14639176)

Isn't this exactly what VGrep [virusbtn.com] was designed to sort out?

Universe will come to end when.. (1)

Maxhrk (680390) | more than 8 years ago | (#14639196)

... Someone write the Answer-to-everything-is-42 virus.

Re:Universe will come to end when.. (0)

Anonymous Coward | more than 8 years ago | (#14641322)

Maybe this has already been done.

Hurricane names? (2, Insightful)

serodores (526546) | more than 8 years ago | (#14639314)

Don't they already have a naming convention in place for hurricanes? The World Meteorological Organization has been doing this [wavehelp.com] for years. Given the backing of CERT [cert.org] for vulnerability incident descriptions, details, and classifications, why can't they organize a unique naming convention already used for hurricanes?

Sure, they may run out of names, but they can reuse names as they do for hurricane names, with the exception of widespread popular hurricanes/worms/virii, which can be retired [noaa.gov] , just like some hurricane names.

people get worms and virii? (1)

digitallysick (922589) | more than 8 years ago | (#14639601)

you mean they havent switched to linux yet?? ahhh oh well one day they will learn.

Here's why you give them names. (1)

Churla (936633) | more than 8 years ago | (#14640049)

The same reason we give everything names, to make it easier to remember.

Can anyone rattle off the IP address for www.yahoo.com? (wait.. around here.. bad question...)

But you get the point. We as humans name everything in order to keep better mental reference and remember it. They could have called it the Apple portable media player , but they came up with iPod. And people remember it.

I think that here in the geek world we so commonly have to reference things by numbers that we forget that names are for people who aren't quite as numerically attuned as us.

Now, do they go overboard sometimes? Yes, they try to name things to grab attention and be "sexy" and "something catchy". My opinion is to take some moderately unique word or phrase found in the signature or output and use that. It's what was done and its still done a good bit of the time.

Wow (0)

Anonymous Coward | more than 8 years ago | (#14641411)

I can't believe how much money and resources are wasted on viruses.

Chaos (1)

galatea2.2 (887936) | more than 8 years ago | (#14641522)

There's a naming convention for hurricanes, there ought to be one for viruses. My spouse's company was ready for this virus, had information posted for everyone on the intranet about it. Even other IT people were confused and after reading about the Kama Sutra virus here on Slashdot, wanted to know why there wasn't any information regarding that ("My Wife" may have been the name used in the initial security bulletin). If even other geeks are blowing a gasket, imagine the general public.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>