The US Computer Emergency Readiness Team and major security vendors are looking to simplify a system in which the same infection now goes by multiple names, each given by a different vendor.
A standardized naming process for worms and viruses sponsored by the US-CERT (Computer Emergency Readiness Team) and backed by the biggest names in security debuted Wednesday in the hope that it will lend some sense to the malware naming mess.
Dubbed CME (Common Malware Enumeration), the scheme assigns unique identifiers to threats so that end-users -- both consumers and IT security managers -- have a single point of reference for a worm or virus. Although there is some cooperation between security companies and agencies in naming threats, in many cases, vendors end up assigning different labels for the same piece of malicious code.
During a worm or virus outbreak, CME participants request an identifier from an automated system by providing a sample of the virus. An identifier is generated and then distributed to the other participants.
"Historically, regulating virus naming has proven difficult for security vendors, because of the need to issue threat protection as quickly as possible," said Mark Harris, the director of Sophos' research centers, in a statement.
Wednesday was a perfect example; the newest Sober variant was tagged as Sober.q (Symantec), Sober.r (McAfee), Sober.s (F-Secure), and Sober.o (Sophos). The CME identifier for all, however, is simply "CME-151."
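The Sober case above, as an added example that is not from the original article or the CME initiative: a Python routine that normalizes anti-virus alerts to a CME identifier so that one outbreak is counted once. The alert fields, host names and the `unmapped:` fallback are assumptions; the vendor labels and CME-151 are the ones quoted above.

```python
from collections import defaultdict

# Vendor labels for the Sober variant named in the article, all CME-151.
CME_ALIASES = {
    ("symantec", "sober.q"): "CME-151",
    ("mcafee", "sober.r"): "CME-151",
    ("f-secure", "sober.s"): "CME-151",
    ("sophos", "sober.o"): "CME-151",
}


def threat_key(vendor, label):
    """Return the CME id for a vendor detection, or a vendor-qualified fallback."""
    pair = (vendor.strip().lower(), label.strip().lower())
    # The lookup is on (vendor, label), never the label alone: the same
    # variant letter from two vendors cannot be assumed to mean the same code.
    return CME_ALIASES.get(pair, "unmapped:%s/%s" % pair)


def correlate(alerts):
    """Group alerts by threat key; each value is the set of affected hosts."""
    hosts = defaultdict(set)
    for alert in alerts:
        hosts[threat_key(alert["vendor"], alert["label"])].add(alert["host"])
    return dict(hosts)


# Constructed sample alerts (host names and the last record are made up).
SAMPLE_ALERTS = [
    {"host": "ws-01", "vendor": "Symantec", "label": "Sober.q"},
    {"host": "ws-02", "vendor": "McAfee", "label": "Sober.r"},
    {"host": "mail-gw", "vendor": "F-Secure", "label": "Sober.s"},
    {"host": "ws-03", "vendor": "Sophos", "label": "Sober.o"},
    {"host": "ws-04", "vendor": "McAfee", "label": "Sober.q"},  # not in the table
]

if __name__ == "__main__":
    for key, affected in sorted(correlate(SAMPLE_ALERTS).items()):
        print(key, sorted(affected))
```

Counting by raw label would report four separate threats for the first four alerts; keyed by CME identifier they collapse into one, while the unlisted McAfee "Sober.q" stays separate instead of being merged with Symantec's.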
The naming plan, which has been in the works for more than a year, is completely voluntary on the part of security firms, but most of the major anti-virus vendors -- including Symantec, McAfee, Kaspersky, Trend Micro, Sophos, Computer Associates, and F-Secure -- are on the CME editorial board and are either already listing the identifier in their descriptions or will in the future.
Symantec, for instance, put CME-151 as the first item under the "Also Known As" section of its Sober.q description.
The scheme may not put an end to name confusion -- anti-virus vendors are still allowed to slap on their own name -- and it will require global cooperation, but CME's time has come.
"[This] will benefit customers in securing their computers from malware attack," said Sophos' Harris, "without disrupting rapid virus analysis."
The CME list can be found on the initiative's Web site.