By Robert Vamosi

Recently, however, a virus has appeared that has stumped the antivirus community. Antivirus companies can't seem to agree on a standardized name for the latest variant of the Yaha virus, which spread over the Net at the turn of the new year. Some say Yaha has three distinct strains, which should have three different names, while others say those three strains are actually the same virus.

Aliases, please

The fact that Yaha's name is giving the antivirus community headaches might sound relatively trivial. But Yaha's lack of a standard name makes it hard to determine whether we're protected against it. Furthermore, I believe complicated virus names should also have commonplace aliases. I propose that the antivirus community adopt common names for all new virus variations before people stop updating their antivirus programs out of sheer frustration and confusion.
When the Yaha viruses were first found in the wild on December 22, there appeared to be three different variants, so they were assigned three separate names: Yaha.J, Yaha.K, and Yaha.L. But now, according to the antivirus software company MessageLabs, J, K, and L are actually the same virus. The only real difference between them is their packaging; the three strains share the same source code, but are compressed differently. Because of this, MessageLabs says Yaha versions J, K, and L should be renamed. So what's the big deal?

Are you protected?

Updating antivirus software is complicated enough without wondering whether you're protected against all three strains of Yaha, or whether there is, in fact, a Yaha.L loose on the Internet (but your vendor doesn't protect against it). Though the current naming convention has its technical merits, it could leave many ordinary computer users vulnerable to one or more of the Yaha variants simply due to naming confusion.
While antivirus software vendor sites are not obligated to conform to any virus-naming convention, most do. They follow what's called the Computer Antivirus Researcher's Organization (CARO) naming convention, first adopted in 1991. The CARO naming convention was created by virus researchers Fridrik Skulason, Alan Solomon, and Vesselin Bontchev and uses a modular construction. While formal virus names may not always have all the components listed below, the components must be listed in the following order, usually separated by dots. They are:
Some antivirus vendors have modified the CARO convention to include a prefix that identifies platform (W32 for Windows 32-bit systems, Linux, Mac) and a suffix (@mm) that identifies it as a mass mailer. Thus, a virus named W32.Klez.H@mm is the eighth variant of the Klez family, affects 32-bit Windows systems, and happens to be a mass mailer as well.

MessageLabs suggests that another naming element is needed to distinguish the various strains of Yaha.J. Since the source code of the Yaha variants is the same, MessageLabs suggests adding a hexadecimal identifier to indicate the way the virus is e-mailed, meaning Yaha.J would become something like W32.Yaha.J!2c3b.

A virus by any other name

Will this catch on? It's hard to say. Even today, not everyone in the antivirus community adheres to the current naming conventions. For instance, security companies Panda and Kaspersky still refer to the Yaha virus as Lentin. And Panda currently designates the malicious Klez virus as Klez.I, while all the other antivirus companies call that same virus Klez.H.

Still, distinguishing virus variants by name is a key security issue. Of the top 10 viruses stopped by MessageLabs, only BugBear is not a variant of an existing virus. With all of these variations, it's important that antivirus vendors agree to use the same names so that we all know which threat we're talking about. Otherwise, how will we know if we're protected?

Having said that, I vote for going one step further and adopting unique aliases to be used in the media for all new virus variants. For example, Yaha.J could be known as Triplet, because it has three strains. Ordinary people are more likely to feel they can understand and deal with a simply named virus--and more likely to be intimidated and confused by something called W32.Yaha.J!2c3b.

What do you think? Are you confused by virus names? Should we use common names to designate viruses? TalkBack to me!
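The vendor-modified name format described above (platform prefix, family, variant letter, @mm suffix, and the hexadecimal identifier MessageLabs proposes) can be parsed and reconciled across vendors in a few lines. This is an added example, not part of the original column; the function names are hypothetical, the alias tables hold only the vendor differences the column mentions, and the ordering of @mm before the hex identifier is an assumption.

```python
import re
from typing import NamedTuple, Optional

class VirusName(NamedTuple):
    platform: Optional[str]    # W32, Linux or Mac, when the vendor adds a prefix
    family: str                # e.g. Klez, Yaha
    variant: str               # variant letter(s), e.g. H
    mass_mailer: bool          # True when the @mm suffix is present
    packing_id: Optional[str]  # hex identifier proposed by MessageLabs, e.g. 2c3b

# Assumption: when both are present, @mm comes before the !hex identifier.
NAME_RE = re.compile(
    r"^(?:(?P<platform>W32|Linux|Mac)\.)?"
    r"(?P<family>[A-Za-z][A-Za-z0-9]*)\.(?P<variant>[A-Z]+)"
    r"(?P<mm>@mm)?(?:!(?P<hexid>[0-9a-fA-F]+))?$"
)

# Vendor differences mentioned in the column.
FAMILY_ALIASES = {"Lentin": "Yaha"}                   # Panda/Kaspersky name for Yaha
VENDOR_VARIANT_FIXES = {("Panda", "Klez", "I"): "H"}  # Panda's Klez.I is Klez.H elsewhere

def parse_name(name: str) -> VirusName:
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a recognised virus name: {name!r}")
    hexid = m["hexid"].lower() if m["hexid"] else None
    return VirusName(m["platform"], m["family"], m["variant"],
                     m["mm"] is not None, hexid)

def variant_ordinal(variant: str) -> int:
    """A -> 1, H -> 8. Assumption: letters continue past Z as AA, AB, ..."""
    n = 0
    for ch in variant:
        n = n * 26 + (ord(ch) - ord("A") + 1)
    return n

def canonical(vendor: str, name: str) -> tuple:
    """Reduce one vendor's name to a vendor-neutral (family, variant) pair."""
    p = parse_name(name)
    family = FAMILY_ALIASES.get(p.family, p.family)
    variant = VENDOR_VARIANT_FIXES.get((vendor, family, p.variant), p.variant)
    return (family, variant)

def same_threat(vendor_a: str, name_a: str, vendor_b: str, name_b: str) -> bool:
    """True when two vendors' names refer to the same family and variant."""
    return canonical(vendor_a, name_a) == canonical(vendor_b, name_b)
```

Platform, mass-mailer suffix and packing identifier are deliberately ignored by `same_threat`, since the column's point is that differently packed strains of one variant are the same virus.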
Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know!