Skip to main content

Virus naming & The Public Good

This appears to be a case where publicity about a particularly nasty worm has suffered because it was named something different by all the major antivirus vendors. Gaobot, which appears to be the Symantec name for this family of worms, isn't even in the title of this document. Microsoft machines and NDemon/Phatbot/Agobot Worms -- 19 Apr 2004 [Updated: 2004.04.27] It would be helpful to their customers if the AntiVirus vendors would agree to a common naming convention, and certain other standards related to identity of malware threats. A checksum should be provided with all descriptions, as well as standardized means to reference the known capabilities of threats. This probably won't happen unless an open source project, perhaps related to ClamAV finds itself so strong that the weaker AntiVirus companies suddenly find it to their advantage to play along. It's more likely that Microsoft will kill off the weaker AntiVirus vendors before that happens. The stronger AntiVirus vendors will eventually get out of the market, too, leaving a defacto standard -- the Microsoft Way, whatever that will be. It'll probably change every 18 months anyway.

Technorati Tags: , , , , , , , , ,

Comments

kurt wismer said…
there already is a common naming convention among anti-virus companies, but that doesn't guarantee common names across vendors, only that they're all using the same naming system...

the vendor's first priority is getting signatures out to the customer, which means they don't have time to sit around figuring out who gets to name it... they do rename their signatures from time to time in order to agree with other vendors but that's not a particularly reliable process... also, when it's clear that a vendor has already named it, other vendors will use that name but that doesn't help if they're all working on the same thing at the same time...

the way this confusion is being mitigated now-a-days is with the common malware enumeration... malware which is felt to be significant to the public is given a number and when multiple vendors submit samples a process called deconfliction takes place that says X, Y, and Z are all the same thing and so all get the same number even if they have different names...
Monday, January 08, 2007 3:03:00 PM
Post a Comment

Popular posts from this blog

Verified by Visa (Veriphied Phishing?)

If you have used a Visa card to make a purchase online lately you may have encountered a relatively new program, Verified by Visa . I've encountered it twice. The system is an interesting attempt by Visa to reduce online fraud and identity theft. It's a noble effort, but the user experience is unsettling, and the security implications are not exactly crystal clear. Here's what happened to me, both times the Verified by Visa system was activated. I was redirected away from the domain at which I was shopping, to a URL which was: not the domain where I was shopping, not the domain of the bank that issued my card not visa.com I've been telling people for years that if anything like that happens to you, close your web browser immediately and do not under any circumstances enter any personal information into the form, because this is a sure sign of a man in the middle or phishing scam. (Never mind that all the best phishing scams now-a-days look like the actual dom...
20 comments
Read more

SQL Injection - So Easy, Your Server is Already Cracked

In a simple demonstration, a hapless team discovers the truth. "Your server is vulnerable. It's already been cracked. Oh, and by the way, it's already distributing malware for a botnet." A Big Case of Oops! Attitude of management in many organizations is one of the biggest barriers to improved security on the internet. People simply don't want to believe that their systems are vulnerable. Denial is pervasive, and affects organizations from the biggest of the Fortune 500 or Federal government agencies, down to modestly sized companies, local governments, and non-profit corporations. The attitude of the unnamed client described at the "Following the White Rabbit" blog (link above) is all too common. I suspect that an underlying cause is that people want to believe several things that worked pretty well from an evolutionary perspective, but don't work very well on the internet. When everybody around is a bunch of cave dwellers, consumed entirely with...
1 comment
Read more

Bourne Incrimination - bio identity theft, the next big problem

It was only a matter of time before it became possible to create fake DNA evidence. That time is now. DNA Evidence Can be Fabricated [New York Times] Think it's bad when somebody steals your identity, drains your bank account, and spends thousands of dollars on credit cards they opened with your name on it? This run of the mill identity theft can cost you thousands of dollars, and many years to clean up. It pales in comparison to what will happen if biometric data becomes commonly used as proof of identity. Sometimes also called bio-print (like fingerprint) or bio-identity mechanisms, such things as retina scans and fingerprint scans are already in use, or even common use. DNA scans are likely to become possible several years from now, as the technology to read DNA is evolving rapidly. An entire genome can be sequenced by three people and equipment costing a few hundred thousand dollars, in a very short period of time, several days. When it become possible to read DNA in more or...
1 comment
Read more