MyDoom by any other name…
Published: 6 August 2004 09:35 GMT
When security experts first detected a mass-mailing worm that uses Yahoo's People Search engine to harvest email addresses, they assumed it was a new variant of MyDoom, which a week earlier had attacked a number of search engines for the same purpose.
However, after a detailed inspection of the worm's code, researchers have realised the code is not a new MyDoom variant, but a variant of another worm called Evaman.
Mikko Hyppönen, director of antivirus research at F-Secure, said one antivirus firm named the worm MyDoom and the other companies followed its lead. But after further examination, researchers found the worm was not a MyDoom variant.
"It is a pretty confusing situation right now. There are similarities in the operation of the virus and in the code. Everybody used the same name until somebody really paid attention and noticed it should be part of the Evaman family. But we do think they are coming from the same source or parties close to each other," Hyppönen said.
David Emm, senior technical consultant at Kaspersky Labs, explained that researchers follow certain guidelines when naming malware, but he said their first priority is to produce a detection signature, not conduct a detailed analysis. It then becomes difficult to rename the malware because that confuses everyone who's trying to defend their networks against a specific attack.
"When a new virus turns up, the researchers are keen to build a detection for it. If you back-step from the original name, you have a problem where people say 'you used to detect this and now you don't', so it can be a bit of a nightmare for the outside world as well as for antivirus vendors," said Emm.
Hyppönen agreed that changing the name was not a good idea and wasn't sure if F-secure would do so.
"We haven't changed the name, yet. We might do, but are still calling it MyDoom for now," said Hyppönen.
The close similarity between the worms strengthened researchers' conviction that both worm families are being developed by the same author or group of authors.
Security Engineer / Network Security Consultant will be focused (but not exclusively) on Symantec Endpoint Technologies like encryption, antivirus, ...
Must hold a current driving licence DESIRABLE Juniper SSL VPN RSA SecurID MailSweeper WSUS and patch management Ironport Web Content Filteringo ...
Salary: GBP35,000-GBP41,000 Dependant on experience Benefits: 20 days holiday + Bank Holidays + 3 extra days performance related ROLE: Primarily the ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy