Steve Halligan <agent33at_private> wrote:

> Check this out. Is this media nonsense, or is there really something to it?
>
> http://news.cnet.com/news/0-1003-200-6835996.html

Consensus among my contacts with good Korean contacts is that it is the former.

There is no "CodeRed III" though some people used that name, or "CodeRed [v]3", to prevent confusion with the use of various forms of "version 2" when the second CodeRed variant (the one with the fixed PRNG) was found. Antivirus people still have lots of naming issues, but we have been dealing with these kinds of issues for years. As it stands now, there are three CodeRed variants (or two if you think the last one is not a CodeRed variant).

   CodeRed.A (aliases CodeRed, CRv1)
   CodeRed.B (aliases CodeRed [v]2, CRv2)
   CodeRed.C (aliases CodeRedII, CodeRed [v]3 and now CodeRed III)

Perhaps the above makes it clear why a structured taxonomy is a good thing.

The reason AV has included the third of these worms in the CodeRed family is that, although there is little (or no) code continuity between it and the earlier pair, it would just be too confusing to name it differently *and* enough different from "CodeRedII" and the security folks would call it that anyway and as much as possible we do not name malware after its writer(s) nor with the name its writer(s) wanted/intended. (Yes, there are many (historical) "exceptions" to those last two "rules", but some of us are working on correcting that for future namings...)

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 15:11:55 PDT