Confusion reigns in naming of viruses that bug computers
Early one Monday afternoon, Craig Schmugar, virus research manager at computer security firm Network Associates Inc., was at his desk taking a quick look at the programming inside a new computer worm that his team had just discovered, still in the early stages of circulating the Web.

As Schmugar scanned through the worm's deciphered code, his adrenaline started pumping. This one had ambitions. The worm disguised itself as a bounced piece of e-mail and had an innovative way of collecting addresses, looking for more potential victims.

Schmugar had a feeling this one was going to create a lot of trouble; it was time to sound the alarms -- but first he needed to attach a name. What to call it?

Antivirus companies compete with each other fervently in the hopes that their customers will hear about the latest computer-based threat from them first. The result is that when there's an outbreak of a new virus or worm, companies often race to offer competing names for the same bug. For some, this regularly occurring confusion is starting to grate.

A recent report submitted to the White House, "The National Strategy to Secure Cyberspace," called for more standardized methods of sharing information about security threats and criticized the confusion caused by conflicting names. Industry officials have said they are forming an alliance to resolve such problems, but many security specialists said a solution will be difficult given the competitive nature of the antivirus business.

"Nobody is in charge and nobody is going to be willing to put anybody in charge who is not from their company," said David Perry, global education director at Trend Micro Inc.

In the early, pre-Internet days of the computer industry, new viruses were so rare and spread so slowly that a central organization of antivirus researchers signed off on the accepted name of each new virus that was discovered. Today, viruses can spread worldwide in a couple of hours. And they are appearing at an increasingly rapid rate; by one estimate, 77,000 pieces of malicious code have been documented.

Though the industry has settled on some rules guiding virus nomenclature, the process can be remarkably haphazard. Recent viruses have gotten their names from soda drinks ("Code Red") and mythical beasts ("Bugbear"); some early antivirus researchers identified programs by working through a list of tree names.

There are rules about naming a virus. It is frowned on, for example, to name a virus after a person or a company. Antivirus researchers also avoid giving a virus the name its creator may have intended, as indicated in its code.

Confusion can occur when several companies give the same worm a different name. Many versions of a virus that came to be known as "klez" were considered relatively harmless, until a highly destructive sequel came out. Different antivirus firms had numbered the klez virus sequels differently, and corporate security teams were left scrambling as they had to figure out which version to be wary of.

"It can be bad news for the customers," said Alex Shipp, a senior antivirus researcher at e-mail security firm MessageLabs Inc. "They have no hope of sorting out that mess."

There is a simple rule for which company gets naming rights: The person or company that finds and posts information about a virus first gets to name it. But that's a rule that is often dropped in the heat of the moment. It's not clear whether Network Associates actually named the worm first or not -- but "MyDoom" was a name that caught on recently.

Reproduced from an article published by Boston.com
© Boston.com
The original article can be viewed here:
http://www.boston.com/business/technology/articles/2004/02/29/confusion_rei...