Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Re: virus names
Message-ID: <0002.9008301334.AA25774@ubu.cert.sei.cmu.edu>
Date: 25 Aug 90 12:40:37 GMT
Sender: Virus Discussion List
Lines: 42
Approved: krvw@sei.cmu.edu

CSTEHLIK@SCU.BITNET writes:
>When there were only a few viruses, it was fine to give each a creative
>name, but now there are over 200 and most have several aliases.
>
> .....
> My personal preference would be naming them by size and then an
>optional extension to denote variants or special characteristics. An
>example is 1704-a, or 4096-stealth.

My opinion is the exact opposite - Using the file length was OK while we
only had a few viruses, but now that we have over 200, it just does not
work any more, as many totally unrelated viruses may have the same length.

Just take 1701 and 1704 as an example. We have

1701 - original version of Cascade, which activated in the fall of '88,
     - the "every year" version.
     - "Jo-Jo", a related, but quite different virus.
     - a 1701 byte variant of the "Phoenix" virus from Bulgaria.

1704 - The IBM infecting variant of Cascade.
     - The non-IBM infecting variant of Cascade.
     - The Yugoslavian "Y" variant of Cascade.
     - The "multiple infection" variant of Cascade.
     - The disk-formatting variant of Cascade.
     - The Bulgarian Phoenix virus.
     - The Phoenix-D virus.

and possibly a few more which I do not remember right now.

Besides, how is the virus length to be determined - just take a common
virus like Jerusalem. Should it be called "1808" (EXE) or "1813" (COM)?

-frisk

--
Fridrik Skulason      University of Iceland  |
Technical Editor of the Virus Bulletin (UK)  |  Reserved for future expansion
E-Mail: frisk@rhi.hi.is    Fax: 354-1-28801  |