[ISN] Bagle e-mail virus slows, fuels naming debate

From: William Knowles (wk@private)
Date: Thu Jan 22 2004 - 00:40:42 PST

  • Next message: William Knowles: "[ISN] CodeCon program announced, early registration deadline nearing"

    http://www.computerworld.com/securitytopics/security/story/0,10801,89264,00.html
    
    [I've said it privately that one way to stomp out Windows viruses is
    to stop giving them cutesy names, I really wish someone would name the
    next Windows virus "Big Red Penis".  I would think one virus outbreak
    with Dan Rather or Peter Jennings having to start out the national
    news talking about the Big Red Penis virus infecting Windows computers
    worldwide would be enough to get Redmond to take some real action in
    stopping future outbreaks.   - WK]
    
    
    Story by Bernhard Warner
    JANUARY 21, 2004
    REUTERS
    
    Antivirus technicians said today that Bagle, the latest e-mail virus 
    to hit global computer users, is in decline and no longer considered a 
    major threat. But as the contagion runs its course, some antivirus 
    technicians are asking whether there's a better way of naming such 
    viruses to alert the public. 
    
    Since emerging on Sunday (see story) [1], Bagle has been something of
    a mystery. Computer security experts first called it "Beagle" after
    pulling the reference from a line of code found in the malicious
    program.
    
    Later, it was given the name Bagle, a misspelled version of the 
    doughnut-shaped roll. Warnings about a malicious bagel drew more 
    questions than normal from the virus-weary public. 
    
    "Personally, I would have called it Beagle rather than Bagle, for the 
    sole purpose of avoiding all these support calls asking, 'Why did you 
    call it bagle?' " said Graham Cluley, a senior technology consultant 
    at Sophos PLC, a U.K.-based software firm specializing in virus and 
    spam detection. 
    
    Agreeing on a single, easily identifiable name is a crucial step in 
    the virus alert process. Quickly publicizing the existence of a new 
    outbreak and developing a prescribed fix are vital to stopping worms 
    and viruses in their tracks. 
    
    Despite the technical expertise that goes into identifying an outbreak 
    and a remedy, the process of naming a virus is hardly scientific. In 
    the past, digital viruses and worms have been named after favorite 
    lunch dishes or friends, or plucked from the words or phrases found in 
    the code by antivirus technicians. Sometimes the words are jumbled, as 
    with Nimda, which is admin spelled backwards. 
    
    As a result, computer users have been urged to brace themselves 
    against such notorious contagions as Slammer and Goner. And they have 
    been advised not to be fooled by the infamous Love Bug or click on 
    Anna Kournikova. 
    
    With hundreds of new outbreaks emerging each month, new monikers are 
    in short supply, experts said. 
    
    For this reason, some have suggested that antivirus firms devise a 
    naming procedure like national weather services, which have agreed on 
    a long alphabetical list of names for hurricanes years before they 
    form. "What I would like to see is everybody using the same naming 
    scheme," said Alex Shipp, senior antivirus technologist at MessageLabs 
    Ltd., a U.K.-based e-mail virus detection firm. 
    
    "It's confusing if you think your antivirus software has you protected 
    against one virus and then you hear on the radio it's called something 
    else," Shipp said. 
    
    But getting virus technicians to agree is no small feat. "I'm afraid 
    it's never going to happen," Cluley said. "These virus outbreaks 
    travel around the world in minutes. If you have a hurricane coming at 
    you, you have a few hours to agree." 
    
    
    [1] http://www.computerworld.com/securitytopics/security/story/0,10801,89222,00.html
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 22 2004 - 03:05:24 PST