I think that naming conventions of Botnets is somewhat a moot point. You even say in your article it's not really possible... I agree that some sort of consolidated effort be made internationally... however I believe this is of lesser concern than actually learning how to better track Botnets themselves, work by Thorston Holz (Tracking and Mitigation of Malicious Remote Control Networks) is very interesting in this area and outlines several interesting techniques. A central database tracking the Botnets would be a great idea... In general IT has hundreds of synonyms for the same thing... I dont think Botnets are any different... Conficker for example is known by many names:
Net-Worm.Kido!sd6 [PCTools]
W32.Downadup.B [Symantec]
Net-Worm.Win32.Kido.ih [Kaspersky Lab]
W32/Conficker.worm.gen.a [McAfee]
Mal/Conficker-A [Sophos]
Worm:Win32/Conficker.B [Microsoft]
Net-Worm.Win32.Kido [Ikarus]
Win32/Conficker.worm.Gen [AhnLab]

This has not stopped countless papers analysing it and organisation like the honeynet project and conficker working group looking in great detail at it's working...

In summary, I think we should be less worries about nomenclatures and more worried about centralising knowledge regarding the exploits and raising everyday awareness about patching etc etc

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/501/35480#35480