US-CERT, the federally-funded security clearinghouse, will try to put some order to the often-chaotic naming of worms and viruses in early 2005, the organization wrote in a letter sent to a security research group Tuesday.

Virus and worm nomenclature is typically left up to the security vendor which first discovers the malware. Until 2004 the process worked, more or less.

But the large scale and rapid release of multiple variants of worms in the Netsky and Bagle and MyDoom families this year led to confusion, with firms out of sync in their naming. One vendor would tag a new Bagle as Bagle.w, for instance, while others would call it Bagle.u or Bagle.t.

Most recently, confusion reigned when some security firms gave a worm an entirely new name -- "Bofra" -- while others claimed that it was only a variation of the long-running MyDoom.

"As a 'neutral third party' in the marketplace, US-CERT will coordinate with security vendors to implement a CME [Common Malware Enumeration] malware identification scheme," members of US-CERT's CEM initiative wrote in a letter to the SANS Institute's Internet Storm Center. "Limited operational capability is expected first quarter, 2005; this phase will concentrate on the most important threats, including the recent Beagle/Bagle variants."

Although there are obstacles to a common naming process -- including time constraints as anti-virus vendors rush to identify a worm and produce a defense against it -- US-CERT believes it's for the common good.

"Once all parties adopt a neutral, shared identification method, effective information sharing can happen faster and with more accuracy, making it easier to distinguish between very similar threats," the group wrote.