Full Disclosure mailing list archives

Re: AV Naming Convention


From: Valdis.Kletnieks () vt edu
Date: Tue, 10 Aug 2004 14:50:18 -0400

On Tue, 10 Aug 2004 18:08:48 +0200, Thomas Loch said:

> Why can't we handle not yet named viruses as 'unnamed' or we use a
> standardized (by ISO?) method to generate a numeric code that consists of a
> classification in categories and a sequential number and probably some kind
> of checksum or hash until the virus gets an official name?

1) "unnamed" runs into the 'John Doe 1', 'John Doe 2', etc. problem.  Remember
just a few months ago, two virus writers got into a grudge match and we had
multiple unknowns every day for a few weeks? ;)

2) You're researching a worm that spreads via IM, I'm researching a mass-mailer
worm.  We both grab a code, and later find out it's the same thing.  How is that
any different from the current situation?  You still have stuff you posted calling
it ISO-IM-00485, and I've posted stuff calling it ISO-MM-09453.
