Why VDBs > AV Industry

Remember the recent Microsoft Windows WMF vulnerability that made news? You know, the “Shimgvw.dll SETABORTPROC function crafted WMF arbitrary code execution” issue? This was assigned OSVDB 21987, CVE 2005-4560, CERT VU 181038, BID 16074, FRSIRT ADV-2005-3086, OVAL 1433, SECTRACK 1015416, and Secunia 18255. While the vulnerability has a dozen different tracking numbers, they all correspond to the same issue, and many of them cross-reference each other to avoid confusion. This issue is different from the “WMF processing ExtEscape POSTSCRIPT_INJECTION function overflow DoS” or the “WMF processing ExtCreateRegion function overflow DoS”, each of which many of the VDBs identify by its own unique number.

Familiar with the CME-24/BlackWorm worm making the rounds? Oh, maybe you know it as W32/Kapser.A@mm? No, how about Worm/KillAV.GR? Maybe Win32/Blackmal.F? No?! Come on... you have to know it by something? Check this handy list based on the anti-virus software you use:

Authentium: W32/Kapser.A@mm
AVIRA: Worm/KillAV.GR
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A

Yes, that many names for the same little program. For those who frown upon the VDB industry, at least we have our standards =)

Excellent analysis of the worm: http://www.caida.org/analysis/security/blackworm/

Blog entry that prompted this one: Virus Naming Still a Mess
