Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Government United States Worms Politics

Name That Worm 80

Ant wrote to mention a C|NET article reporting on the Common Malware Enumeration (CME) initiative, now emerging from its test phase. From the article: "Next month, the U.S. Computer Emergency Readiness Team (CERT) plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests. The project assigns a unique identifier to a particular piece of malicious software. When included in security software, in alerts and in virus encyclopedia entries, this identifier should help people determine which pest is hitting their systems and whether they are protected ..."
This discussion has been archived. No new comments can be posted.

Name That Worm

Comments Filter:
  • Proposal (Score:2, Interesting)

    by b100dian ( 771163 )
    Run all antiviruses on a machine.
    Exec the worm.
    Blitblt the screenshot into an OCR buffer.
    Compute the name of the worm

    extra step: see if all AVs fired: if not so, the naming can become "AV killer"
  • Did you get my joke email? just save the billgatespie.exe and run it for a fun game
    • did you know that if you rename billgatespie.exe to .scr you can install it as a screensaver?

      then install a password on it and no one can stop it short of a reboot... or 30 mins, give or take.
  • by Anonymous Coward
    All worms should be named "Bill"... after the man that made them all possible!
  • by Anonymous Coward
    I think the most difficult part of this proposal will be getting the virus writers to include the unique identifier in their code. Besides, isn't the evil bit already supposed to take care of this issue?
  • by Anonymous Coward on Friday September 23, 2005 @05:44PM (#13633597)
    The use of the name "FruitFucker 2000".

    Thank you and good nite
  • by Sv-Manowar ( 772313 ) on Friday September 23, 2005 @05:45PM (#13633609) Homepage Journal
    If this step does anything to simplify the myriad of naming schemes provided by security & antivirus companies, then its more than welcome. Working out exactly what worms have which effects is hard enough without the confusion of complex names and differing schemes. However, the voluntary nature of this new naming scheme may mean it sits alongside the current identifiers and names, which would significantly lessen its effect. I guess only time will tell which way the companies decide to go..
  • What? (Score:3, Funny)

    by Overly Critical Guy ( 663429 ) on Friday September 23, 2005 @05:49PM (#13633633)
    What's an "internet worm?"

    Signed,
    Every OS X user
  • Politics? (Score:1, Offtopic)

    by gmuslera ( 3436 )
    Why the article is in that section?
  • by Fox_1 ( 128616 ) on Friday September 23, 2005 @05:50PM (#13633647)
    To be honest I imagine it's pretty kewl to have created a nasty piece of software that takes down millions of computers and costs billions in damages. At least in a perfect world where everybody is happy, corners are round and nobody ever gets hurt. It's even cooler if the virus you create gets a name like 'code red' or 'blaster' or 'buddy the smackhappy clown' and gets all sort of media coverage and everybody recognizes the name. I maen that's pretty awesome. So I hope that this naming system the 'Common Malware Enumeration' , makes names that are as exciting as it's own. In other words, boring. Take away some of the fun that the virus writers have been enjoying from their nasty little creations.
  • Not hard to do (Score:3, Interesting)

    by Red Flayer ( 890720 ) on Friday September 23, 2005 @05:53PM (#13633669) Journal
    Why don't we just use the Linnean system?

    I'm all about latin names for malware -- for one thing, malware creators won't feel so cool when their piece of code gets designated "Caenorhabditis Crapiticus" of the phylum Nematoda.
  • Ya know... (Score:3, Interesting)

    by Shadow Wrought ( 586631 ) <shadow@wrought.gmail@com> on Friday September 23, 2005 @05:56PM (#13633701) Homepage Journal
    It's not a like a hurricane in which everyone can agree on which worm is which. How do you know that Worm Bob really is an unique new worm, and not just a variant of Worm Jimbo? And what happens when the 21 names run out?
  • by Vellmont ( 569020 ) on Friday September 23, 2005 @05:57PM (#13633704) Homepage
    It's great that there will be at least one recognized identifier for worms, but when people talk about the worm are they really going to refer to it as CME-123 (for example)? There still needs to be a common name that's accepted. We don't for instance have 15 different names for chicken pox. The virus is called varicella-zoster, or human herpes virus 3. Everyone knows what chicken pox is though.
  • by G4from128k ( 686170 ) on Friday September 23, 2005 @06:02PM (#13633747)
    Instead of hard-to-remember ID numbers for malware, why not use those funky passwords that AOL puts on their CDs for creating new accounts. I'd like to here about viruses names such as WONTON-FLOES or GRAVEL-TAPE, to use two passwords from recently mailed AOL CDs.
  • by Humorously_Inept ( 777630 ) on Friday September 23, 2005 @06:02PM (#13633749) Homepage
    What will the agreed-upon name be for that piece of malware? Seems like Norton's more tenacious than and presents a larger array of system-wide issues to users than do the many of the viruses/worms/trojans it's supposed to protect against.
  • CARO? (Score:3, Interesting)

    by Leebert ( 1694 ) on Friday September 23, 2005 @06:12PM (#13633822)
    Whatever happened to the Compute Antivirus Research Organization (CARO)? I thought they were the de facto standard for naming of viruses.
    • Re:CARO? (Score:2, Informative)

      by Anonymous Coward
      Yes, I wondered about that as well. The CARO system has worked well for a long time now, and there have been a number of initiatives to regularise the virus naming taxonomy - I remember Jim Bates coming up with one in the 80s, which was all numeric!

      The problem is that the researcher working on a virus has to name it very rapidly. Viruses are often varients of others, so you need expertise in name allocation - it can only be done by the researchers. I would have though that the CARO system had sorted out all
    • As someone who works in the industry I can comment: CARO developed the naming standard (e.g. W32/FamilyName.Variant@reference) not the actual names for the malware. CARO members run a discussion forum that actually will decide which new malware warrants a new CME IDs. So CARO and other Antivirus groups all collaborate on this.
  • Worm naming... (Score:4, Insightful)

    by jemenake ( 595948 ) on Friday September 23, 2005 @06:21PM (#13633902)
    Are they going to use alphabetical-ordered human names like with hurricanes?

    Can't you just see the newspaper headlines already? "Worm Andrew Batters Microsoft Servers! The worm overtopped firewalls and flooded into data-centers throught the country. Emergency officials said that it will take a week to repair the firewalls and begin letting users back into the data..."
  • name that worm in 3 infections.
  • by Anonymous Coward
    How is this any different from using a single firm for virus/worm names?

    If I always look at the AVG name of whatever gobbledygook is out there, it doesn't matter what else it's called. If i'm searching for info on it, other vendors will have the Symantec / McAfee / TrendMicro / YourMomAV name alongside their own.

    It's just another "vendor" name to add to the list:

    Vendor A calls it this
    Vendor B calls it this
    Vendor C calls it this
    Government A calls it this
  • This project is likely intended to do for viruses, spyware, and other malicious programs what CERT's existing Common Vulnerabilities and Exposures (CVE) [mitre.org] does for security issues. CVE has attained widespread acceptance for use in unique and unambiguous identification of security issues; hopefully this project will have the same level of success.
    • I think you're exactly right that CME is trying to do for malware identifiers what CVE has done for vulnerability ids. CVE's adoption is a good example of how a voluntary standard can make real progress. Seems from the article that the major players (Symantec, McCaffee, Trend Micro, Kaspersky) are already on board with CME, too, which is very encouraging.

      One clarification, though: I believe CVE is run by MITRE, and funded by US-CERT. CERT/CC uses CVE IDs in their publications, but doesn't control the eff
  • and cuddle him and call him George.
  • they use for hurricanes. It is very simple, just name them after the ex-boyfriends and ex-girlfriends of every employee in the organization that names such things.

    "Katrina discovered that I was cheating on her with Rita? I'll show them both after I get my organization to name hurricanes after them!" -Anonymous Weather Scientist

    Perhaps they can name them after strippers, like the Melissa worm was named? Better yet, how about celebrities? I got infected with the Tom Cruse worm. Yeah well I got infected with P
  • Usually when I get to the point where I feel like naming the worm, I'm already near the end of the bottle so I'm not likely to remember what name I come up with.

  • softwareproduct-year-n

    where year is the year, and n is count of worms/viruses/trojans/ that have hit that product that year.

    Ex:

    Internet explorer-2001-55
    Microsoft Excel-1999-33
    Firefox-2004-44
    MacOSX--2005-2
    windows-2003-666

    Oh, and people would be all better off just leaving computers alone for the holidays...

  • I lean toward Harry Seldon's naming approach: "Idiot number 1", "Idiot number 2", etc. For both a virus creator and their product. His emperor's approach of following that with execution is an optional enhancement.

It is masked but always present. I don't know who built to it. It came before the first kernel.

Working...