Thursday, August 24, 2006

taking a small.dog for a walk

earlier today (well, ok, my clock says it was technically yesterday) i was perusing through the various RSS feeds in my blogroll when i happened upon this article on f-secure's blog about a downloader trojan called "small"...

in and of itself that's not really interesting to me, but what i did find a bit novel was that it's variant identifier spelled out the word "dog"...

variant id's, for those who don't know, are a kind of alphabetic number that represents something sort of similar to a version number... for example, the first instance of virus XYZ would be XYZ.A and the second one would be XYZ.B and so on until XYZ.Z at which point the following one would be XYZ.AA and it would continue like that...

that means small.dog is the 3101th variant in the (not so) small family... that's a lot of variants...

back when the decision to use a base 26 number system for variant id's was made i don't think they envisioned any one family having quite so many variants in it - i mean, there was stoned.empire.monkey.a and stoned.empire.monkey.b, but if there were stoned.empire.monkey.dog we'd have a bit of a confusing puzzle on our hands because aside from being at the end there's nothing to indicate to a layperson that it's not part of the given name... and just imagine what other words are possible - it should be obvious that since we're at small.dog right now we passed small.ass a long time ago and small.dick is yet to come...

which, after all that meandering, brings me to my point... although the anti-virus industry takes a certain care to choose appropriate names, to some extent the variant id system can be gamed to produce inappropriate id's (and most people won't see the distinction between the name and the id in such cases) by brute force...

dunno if it matters at this point, since most of the really interesting words are going to require orders of magnitude more variants, but who knows, maybe it'll happen? i don't think that 15 years ago they ever expected to reach ass...

0 comments: