RE: [Full-Disclosure] correct names [was: 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?]

From: Daniel Otis-Vigil (dvigil_at_moosoft.com)
Date: 02/10/04

  • Next message: icbm: "[Full-Disclosure] XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow"
    To: "'dgj'" <dgj+@pitt.edu>, <nick@virus-l.demon.co.uk>
    Date: Mon, 9 Feb 2004 23:23:21 -0700
    
    

    I am guessing that MyDoom.C was incorrectly named DoomJuice because some AV
    guy was drinking OJ when he was looking at this. AFAIK, there is no central
    naming authority yet.

    Daniel Otis-Vigil
    MooSoft Development
    http://www.moosoft.com

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of dgj
    > Sent: Monday, February 09, 2004 3:24 PM
    > To: nick@virus-l.demon.co.uk
    > Cc: full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] correct names [was: 3127/tcp
    > by Doomjuice (Kaspersky) - MyDoom takeover?]
    >
    >
    > On Feb 9, 2004, at 2:59 PM, Nick FitzGerald wrote:
    > >
    > > Yes -- Deadhat (more correctly known as Vesser) was found
    > late Friday
    > > or early Saturday (depending on your TZ) but this new one,
    > DoomJuice,
    > > (incorrectly originally classified as a Mydoom variant and
    > thus called
    > > Mydoom.C by some) has only been isolated and analysed in
    > the last few
    > > hours...
    > >
    > >
    > > --
    > > Nick FitzGerald
    > > Computer Virus Consulting Ltd.
    > > Ph/FAX: +64 3 3529854
    > >
    > >
    >
    > Greetings,
    >
    > Deadhat/Vesser, DoomJuice/Mydoom.c, "more correctly known as",
    > "incorrectly originally classified as", ...
    >
    > Is there, or will there ever be any kind of "naming authority" for
    > these things? I assume that most major av houses have telephones &
    > email access, so why isn't there any kind of agreement on names? The
    > lack of a single name for a threat is kind of bogus.
    >
    > Is this driven only by the marketing departments at the firms?
    >
    > And how does the poor, long-suffering sysadmin know what the correct
    > name is, google them all when the dust settles and see what gets the
    > most hits??
    >
    > --dj
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: icbm: "[Full-Disclosure] XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow"