Results 1 to 3 of 3

Thread: Uniformity in naming worms/exploits

  1. #1
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004

    Uniformity in naming worms/exploits

    Zotob.E, Tpbot-A, Rbot.CBQ and IRCbot.worm: all names given to a single worm that wreaked havoc in Windows 2000 systems last month. Among the plethora of identifiers, perhaps the most useful--CME-540--didn't make an impact.

    But that's about to change. CME-540 was the tag attached to the worm by the Common Malware Enumeration initiative, which is just emerging from its test phase. Next month, the U.S. Computer Emergency Readiness Team plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests.
    Name that worm--plan looks to cut through chaos | CNET News.com

  2. #2
    Join Date
    Jul 2005
    Don't think it will work, though. The big companies are probably not willing to give up on their own naming systems in favour of some more generic one. It's a bit like deciding which way is the best technique to name variables in sourcecode. Hungarian notation? CamelCase? Under_scores? Everyone will have their personal favorite and I don't think they will ever agree on one single mechanism. It will just mean that we have yet another standard that many will just be ignoring... Besides, what sounds cooler? CME-666 or MyDoom@mm ?

  3. #3
    Senior Member
    Join Date
    Aug 2003
    sry, we are talking about modular sourcecoded irc bots
    regarding bots the AV companies' handling and end-user-information is still ridiculous
    e.g. symantec makes their users thinking that such a program has everytime the same name
    and would only try to connect to a specific ircd (url)
    ...but .. it takes just a minute to compile a new version using other names servers keys or whatever
    the real problem is the detection of an exploit compiled into a optimized pe-packed or/and crypted
    released "whateverbot.exe"

    if you are not sure what i'm talking about you may request the agobot executable that hits our
    company's net last month (and what i know about )
    [the program will try to send a mail to an AOL account and will try to connect to a hacked ircd located in italia. however this may be monitored by FBI cos the worm crawled into networks
    the people who compiled and started it do not know about yet]

    ==> (browse: http://www.foxnews.com/story/0,2933,165949,00.html

    achja .. sorry fürs beschissene english
    Industry Kills Music.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts