Re: another VX site?

[Drsolly <drsollyp () drsolly com>]

On Sat, 7 Jan 2006, Joe Jaroch (Tera Innovations, Inc.) wrote:

> The problems with the MD5 naming scheme are:
> 1) Users will have no idea what the virus is. 'User-friendly' naming 
> schemes are important, tho, not entirely necessary.
> 2) You are thinking mostly of trojans and static worms. While these 
> types of malware are very prevalent over their virulent counterparts, 
> they do not make up ALL of the samples out there, so, if some universal 
> naming scheme woudl be put into place, it could not be truly universal 
> as viruses would come out and not be named correctly.
>
> What I think might work well would be a multi-vendor scanner base, 
> where, every time a definition is added, samples are rescanned in 
> realtime. This way, if a questionable sample is added by vendor X, a 
> first reponder, vendors Y and Z can learn about the name that X chose, 
> and everyone would have the same name.
>
> What do y'all think? I think it wouldn't really be that hard to 
> implement and would be a service to everyone, using eachother to try and 
> get a definition out as fast as possible. It also allows for no human 
> interaction if the big vendors do not want to talk to the small vendors. 
> A simple system with tracking ids can be implemented and emails can be 
> sent out automatically.
 
I think that already exists.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.