SecurityFocus 2006-03-09
In early February, antivirus firms warned customers about a computer virus programmed to delete files on the third of each month, but almost every company called the program by a different name.

Biologists of course *do* discover hundreds of new species every week. A total of 1.5 million species have been formally described and named over the last ~270 years since the Linnaean system was developed, amounting to an average rate of 110 per week. However, the rate has greatly increased over time, so it started off with only a few hundred in the first few years, and is now many hundreds per week.
It is true that they are usually not found simultaneously all over the world, although that does happen. On the other hand, this is offset to some degree by the fact that a name does not become "official" until published in a peer-reviewed journal, a process much slower than that used by software antivirus companies.
So, perhaps the answer to this problem is to copy the biologists, and develop a Linnaean system for malware. As soon as you find a new piece of malware, except on the very rare occasions that someone has actually been innovative, a dichotomous key will quickly enable you to get all the way from Phylum through Class and Order down to Family (in this case, let's say "Melissidae" [1]) and probably genus, let's say "Sobrium" [2]. If it includes new core code you get to make up a new species name (say "trogius" [3] in this case), otherwise if only the window dressing has changed it can become a "variety" name which of course only specialists will care about. So the advisories can just warn us about "Sobrium trogius"!
____
1. Which to virus taxonomy experts would mean "just another Windows worm which requires a witless user to first run an unexpected executable attachment, then gathers email addresses from the victim machine and repeats the process by mailing itself to the fool's friends".
2. Which to virus taxonomy experts would mean "this one uses its own SMTP engine instead of relying on stupid misfeatures in Outlook, and oh yeah it also tries to disable virus scanners".
3. Which to virus taxonomy experts would mean "this one also infects file shares, and destroys files", but of course now we've got to individual species it also implies all the other characteristics. This name might be a bit less obvious; it is derived from the name of a "bookworm" which mainly attacks poorly maintained libraries....