Bagle e-mail virus slows, fuels naming debate

[William Knowles <wk () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,89264,00.html

[I've said it privately that one way to stomp out Windows viruses is
to stop giving them cutesy names, I really wish someone would name the
next Windows virus "Big Red Penis".  I would think one virus outbreak
with Dan Rather or Peter Jennings having to start out the national
news talking about the Big Red Penis virus infecting Windows computers
worldwide would be enough to get Redmond to take some real action in
stopping future outbreaks.   - WK]


Story by Bernhard Warner
JANUARY 21, 2004
REUTERS

Antivirus technicians said today that Bagle, the latest e-mail virus 
to hit global computer users, is in decline and no longer considered a 
major threat. But as the contagion runs its course, some antivirus 
technicians are asking whether there's a better way of naming such 
viruses to alert the public. 

Since emerging on Sunday (see story) [1], Bagle has been something of
a mystery. Computer security experts first called it "Beagle" after
pulling the reference from a line of code found in the malicious
program.

Later, it was given the name Bagle, a misspelled version of the 
doughnut-shaped roll. Warnings about a malicious bagel drew more 
questions than normal from the virus-weary public. 

"Personally, I would have called it Beagle rather than Bagle, for the 
sole purpose of avoiding all these support calls asking, 'Why did you 
call it bagle?' " said Graham Cluley, a senior technology consultant 
at Sophos PLC, a U.K.-based software firm specializing in virus and 
spam detection. 

Agreeing on a single, easily identifiable name is a crucial step in 
the virus alert process. Quickly publicizing the existence of a new 
outbreak and developing a prescribed fix are vital to stopping worms 
and viruses in their tracks. 

Despite the technical expertise that goes into identifying an outbreak 
and a remedy, the process of naming a virus is hardly scientific. In 
the past, digital viruses and worms have been named after favorite 
lunch dishes or friends, or plucked from the words or phrases found in 
the code by antivirus technicians. Sometimes the words are jumbled, as 
with Nimda, which is admin spelled backwards. 

As a result, computer users have been urged to brace themselves 
against such notorious contagions as Slammer and Goner. And they have 
been advised not to be fooled by the infamous Love Bug or click on 
Anna Kournikova. 

With hundreds of new outbreaks emerging each month, new monikers are 
in short supply, experts said. 

For this reason, some have suggested that antivirus firms devise a 
naming procedure like national weather services, which have agreed on 
a long alphabetical list of names for hurricanes years before they 
form. "What I would like to see is everybody using the same naming 
scheme," said Alex Shipp, senior antivirus technologist at MessageLabs 
Ltd., a U.K.-based e-mail virus detection firm. 

"It's confusing if you think your antivirus software has you protected 
against one virus and then you hear on the radio it's called something 
else," Shipp said. 

But getting virus technicians to agree is no small feat. "I'm afraid 
it's never going to happen," Cluley said. "These virus outbreaks 
travel around the world in minutes. If you have a hurricane coming at 
you, you have a few hours to agree." 


[1] http://www.computerworld.com/securitytopics/security/story/0,10801,89222,00.html




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.