News
News
10/6/2005
01:43 PM
Connect Directly
RSS
E-Mail
50%
50%

New Worm Naming Scheme Aims To Cut Confusion

The US Computer Emergency Response Team and major security vendors are looking to simplify a system which now has infections going by multiple names, each given by a different vendor.

A standardized naming process for worms and viruses sponsored by the US-CERT (Computer Emergency Readiness Team) and backed by the biggest names in security debuted Wednesday in the hope that it will lend some sense to the malware naming mess.

Dubbed CME (Common Malware Enumeration), the scheme assigns unique identifiers to threats so that end-users -- both consumers and IT security managers -- have a single point of reference for a worm or virus. Although there is some cooperation between security companies and agencies in naming threats, in many cases, vendors end up assigning different labels for the same piece of malicious code.

During a worm or virus outbreak, CME participants request an identifier from an automated system by providing a sample of the virus. An identifier is generated and then distributed to the other participants.

"Historically, regulating virus naming has proven difficult for security vendors, because of the need to issue threat protection as quickly as possible," said Mark Harris, the director of Sophos' research centers, in a statement.

Wednesday was a perfect example; the newest Sober variant was tagged as Sober.q (Symantec), Sober.r (McAfee), Sober.s (F-Secure), and Sober.o (Sophos). The CME identifier for all, however, is simply "CME-151."

The naming plan, which has been in the works for more than a year, is completely voluntary on the part of security firms, but most of the major anti-virus vendors -- including Symantec, McAfee, Kaspersky, Trend Micro, Sophos, Computer Associates, and F-Secure -- are on the CME editorial board and are either already listing the identifier in their descriptions or will in the future.

Symantec, for instance, put CME-151 as the first item under the "Also Known As" section of its Sober.q description.

The scheme may not put an end to name confusion -- anti-virus vendors are still allowed to slap on their own name -- and it will require global cooperation, but CME's time has come.

"[This] will benefit customers in securing their computers from malware attack," said Sophos' Harris, "without disrupting rapid virus analysis."

The CME list can be found on the initiative's Web site.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.