MyDoom by any other name…
Published: 6 August 2004 09:35 BST
When security experts first detected a mass-mailing worm that uses Yahoo's People Search engine to harvest email addresses, they assumed it was a new variant of MyDoom, which a week earlier had attacked a number of search engines for the same purpose.
However, after a detailed inspection of the worm's code, researchers have realised the code is not a new MyDoom variant, but a variant of another worm called Evaman.
Mikko Hyppönen, director of antivirus research at F-Secure, said one antivirus firm named the worm MyDoom and the other companies followed its lead. But after further examination, researchers found the worm was not a MyDoom variant.
"It is a pretty confusing situation right now. There are similarities in the operation of the virus and in the code. Everybody used the same name until somebody really paid attention and noticed it should be part of the Evaman family. But we do think they are coming from the same source or parties close to each other," Hyppönen said.
David Emm, senior technical consultant at Kaspersky Labs, explained that researchers follow certain guidelines when naming malware, but he said their first priority is to produce a detection signature, not conduct a detailed analysis. It then becomes difficult to rename the malware because that confuses everyone who's trying to defend their networks against a specific attack.
"When a new virus turns up, the researchers are keen to build a detection for it. If you back-step from the original name, you have a problem where people say 'you used to detect this and now you don't', so it can be a bit of a nightmare for the outside world as well as for antivirus vendors," said Emm.
Hyppönen agreed that changing the name was not a good idea and wasn't sure if F-secure would do so.
"We haven't changed the name, yet. We might do, but are still calling it MyDoom for now," said Hyppönen.
The close similarity between the worms strengthened researchers' conviction that both worm families are being developed by the same author or group of authors.
You are the main point of contact of the IT department and your communication skills allows you to be comfortable managing administrative and IT ...
McAfee Antivirus Intrusion Detection software Be responsible for managing and maintaining perimeter defences, including firewalls and intrusion ...
IT Support Engineer (Windows Server / Anti-Virus) Leeds 23K ESSENTIAL SKILLS/EXPERIENCE: a) Previous experience of working in an IT support role.b) ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you
Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy