'Kama Sutra' opens can of virtual worms
MALWARE: Although the multitude of aliases used for the same threat worries anti-virus researchers, the media hype over 'Kama Sutra' helped avert disaster
AP, NEW YORK
Sunday, Feb 05, 2006, Page 11
Friday's file-destroying worm goes by "Mywife" at Microsoft Corp and McAfee Inc, "Blackmal" at Symantec Corp and CA Inc and "Kama Sutra" in most media reports. At F-Secure Corp, it is version "E" of "Nyxem," while Sophos PLC says it is version "D." Others variously refer to it as "Kapser," "KillAV," "Grew" or "Blackworm."
The official name? "CME-24."
The moniker may seem much ado about nothing, but security researchers worry that the variance could confuse consumers.
Customers of one vendor's product, for instance, may believe they are protected against "Nyxem.D" when in fact that vendor uses "E." Or they may hear about "Kama Sutra" but not realize their product already protects them from "Kapser," prompting phone inquiries that overload support desks.
The confusion partly results from the speed with which worms spread.
"Anti-virus companies when they get a sample need to act on that quickly," said Ken Dunham, director of the rapid response team for VeriSign Inc.'s iDefense. "They don't have time in their competitive environment to be able to go out and coordinate and have a nice little talk" about naming.
Security researchers face many decisions coming up with that initial name. Often, a new outbreak is a variation of an existing worm, so the vendor will use the next letter in the series.
But sometimes the variation is so small that not every vendor calls it a separate version, said Mikko Hypponen, chief research officer for F-Secure. Or the variation may be a bit larger, prompting some vendors to use a new name, while others use the next letter, he said.
That's why some vendors began referring to Kama Sutra as "Grew.A"; it destroys files rather than try to overload Web sites with fake traffic, as previous versions did. But they share code and techniques with predecessors, so F-Secure went with "Nyxem.E," rearranged from the acronym for the New York Mercantile Exchange, whose Web site was targeted by the initial variant.
The US Department of Homeland Security is attempting to unify naming through the Common Malware Enumeration, or CME. The larger outbreaks are assigned a random number -- in this case "24" -- to bring the various names under a single umbrella. A Web site making that information public launched in October.
But "CME-24" doesn't quite have the same ring as "Kama Sutra," so named after the Hindu love manual because of the pornographic come-ons in e-mails spreading it. Media outlets began adopting Kama Sutra, even though no major security company calls it that.
"It's primarily a media term," Dunham said. "It's something people are going to read about."
Companies and individuals heeded warnings on the worm, helping minimize its damage on Friday, security experts said.
One Italian city shut down its computers as a precaution, but otherwise the worm's trigger date arrived with relatively few reports of problems.
Hundreds of thousands of computers were believed to be infected, but security vendors say many companies and individuals had time to clean up their machines following the alarm, carried by scores of media outlets.