I've argued within our circles that whoever isn't calling it Slammer or Sapphire doesn't believe in name synchronization. Because those two names were the first on the scene. We call it Slammer, or SQLSlammer, or something like that. But we have a relationship with ISS. And the funny thing, when we gave the thing to the other AV companies, we said, "Here it is!" They said, "No, we want the file!" I said, "that's it. This is memory only. You only have 'traffic' to deal with." Still didn't believe me for a whole hour. sigh. And then they still named it something else! sigh^2. Jimmy -----Original Message----- From: Andrew Plato [mailto:aplato@private] Sent: Monday, January 27, 2003 7:06 PM To: crime@private Subject: CRIME SQLSlammer Worm -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anybody else notice the interesting little war going on with this worm. I believe ISS was the first to report the worm and they named it SQL Slammer. But then other companies jumped on it and gave in their own name. So now the worm has like 12 different names. ISS calles it SQL Slammer, eEye and F-Secure call it Sapphire, Symantec calls it SQLexp, and Kaspersky labes calls it Helkern, and Trend Micro has the most elegant name SQLP1434.A (which sounds more like an asteroid then a worm). I kind of liked Slammer - seeing as how it did slam the Internet pretty hard. Sapphire sounds like a porn star and Helkern sounds like a German beer. Seems kinda petty to me, but when have security firms been above pettiness? ___________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.13 iD8DBQE+NfNnRFTPAXEeGWkRAquBAJ4wR553AukT4e5s6QePibWrtGSW4gCeOZ1I Xy4/OY+puEchEguMgkGaDAE==wp3d -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 22:06:32 PST