A Dose by Any Other Name

Executive Summary

Years ago, when alt.comp.virus was still useful, 'Name that virus' was a popular virtual party game, and virus names were, if not standardized, at least easy to cross-reference with tools like VGrep. Today it is important to keep customer expectations realistic. The glut problem cannot be fixed by throwing ever more resources at analysis throughput aimed at near-exact identification. Nor is modern malware always susceptible to automated removal: some families are notorious for digging themselves into a system with no regard for the effect of a botched removal. Precise information about a short-lived variant is a lower priority than detection and blocking of malware families, and precise identification is a poor performance metric without a firm correlation between names and samples.

  • Format: PDF
  • Size: 132.49 KB