Re: [Full-Disclosure] correct names [was: 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?]

From: dgj (dgj+_at_pitt.edu)
Date: 02/09/04

  • Next message: Shawn K. Hall (RA/Security): "RE: [Full-Disclosure] Apparently the practice was prevalent"
    To: nick@virus-l.demon.co.uk
    Date: Mon, 09 Feb 2004 17:23:50 -0500
    
    

    On Feb 9, 2004, at 2:59 PM, Nick FitzGerald wrote:
    >
    > Yes -- Deadhat (more correctly known as Vesser) was found late Friday
    > or early Saturday (depending on your TZ) but this new one, DoomJuice,
    > (incorrectly originally classified as a Mydoom variant and thus called
    > Mydoom.C by some) has only been isolated and analysed in the last few
    > hours...
    >
    >
    > --
    > Nick FitzGerald
    > Computer Virus Consulting Ltd.
    > Ph/FAX: +64 3 3529854
    >
    >

    Greetings,

    Deadhat/Vesser, DoomJuice/Mydoom.c, "more correctly known as",
    "incorrectly originally classified as", ...

    Is there, or will there ever be any kind of "naming authority" for
    these things? I assume that most major av houses have telephones &
    email access, so why isn't there any kind of agreement on names? The
    lack of a single name for a threat is kind of bogus.

    Is this driven only by the marketing departments at the firms?

    And how does the poor, long-suffering sysadmin know what the correct
    name is, google them all when the dust settles and see what gets the
    most hits??

    --dj

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Shawn K. Hall (RA/Security): "RE: [Full-Disclosure] Apparently the practice was prevalent"