Virus names could be standardized
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: nethappenings@xxxxxxxxxxxxx
- Date: Tue, 30 Nov 2004 14:22:02 -0500
**************************************************************
Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
NetHappenings Mailing List ©1993
**************************************************************
Virus names could be standardized
<http://www.cbronline.com/article_news.asp?guid=11D11704-DE5B-45BD-AF4B-45D8F44E055C>
November 25, 2004
US-CERT, the Computer Emergency Readiness Team within the US
Department of Homeland Security, is coordinating a Common Malware
Enumeration initiative among vendors, according to a letter sent to
The SANS Institute.
The letter, signed by representatives of the DHS, Symantec, Microsoft,
McAfee, and Trend Micro, said the industry hopes to address "the
challenges surrounding the 'Virus Name Game'," with a pilot program
coming as early as January.
US-CERT will act as a "neutral third party" that coordinates a
database of malware identifiers. It will look quite a lot like the
Common Vulnerabilities and Exposures list, currently managed by The
Mitre Corp and sponsored by US-CERT.
"By building upon the success of CVE and applying the lessons learned,
US-CERT, along with industry participants... hopes to address many of
the challenges that the anti-malware community currently faces," they
wrote.
The identifiers will look something like "CME-1234567", the letter
says. Headline writers need not be too dismayed, however, as it
appears there could be room to apply media-friendly names like
"Blaster" and "Slammer" to new threats.
At first, CME will be confined to "major" threats. The project leaders
wrote: "There are significant obstacles to effective malware
enumeration, including the large volume of malware and the fact that
deconfliction can be difficult and time-consuming". Deconfliction,
while not a word, is used in military circles to mean the removal of
conflict.
This was evident recently when some vendors named the first mobile
exploit for the Internet Explorer 6 Iframe bug Bofra, while others
said it was a variant of MyDoom. F-Secure Corp said Bofra and MyDoom
had less than half their code in common.
This kind of conflict could presumably still arise under a CME
numbering system, but at least security administrators would be able
to tell they were the same threat and only one signature or definition
is needed for protection.
Generally, assigning names to viruses is currently the job of the
companies that find them. In fast outbreaks, companies will often
assign different names, and the media does the job of deciding which
one will stick in the public consciousness.
Names are often derived from the filenames, the content of the email
the worm attaches itself to, or plaintext found inside the code.
Blaster, one of the most serious threats ever, was MSBlast.exe, but
somebody at Symantec decided Blaster sounded better.
McAfee called the same worm Lovsan after finding plaintext reading "I
just want to say LOVE YOU SAN!!". Plaintext ridiculing Bill Gates also
led to the suggestion "billy". Neither name is widely used today.
Sometimes naming can be even more arbitrary. The Melissa worm was
named by its own author after a stripper known to him, it later
emerged in court. Code Red is a high-caffeine soft drink the geeks at
eEye Security Inc were drinking when they spotted it.