The Common Malware Enumeration Initiative
Desiree Beck, Julie Connolly The MITRE Corporation
During high-profile malware outbreaks, incident responders often face significant confusion
when trying to correlate aberrant system and network behaviour, public and community-specific
incident reports, and the protections provided by their anti-virus and information security
software. The Common Malware Enumeration (CME) initiative aims to address this confusion
by assigning unique identifiers to high profile malware threats. Led by the United States
Computer Emergency Readiness Team (US-CERT), CME is working in cooperation with public,
private and international entities to adopt a neutral, shared identification method for
malware and to improve communication and information sharing between anti-virus vendors
and the rest of the information security community. CME is not an attempt to replace current
naming schemes for viruses and other forms of malware, but instead aims to facilitate
the adoption of a shared, neutral indexing capability for malware.
This paper will update the community on the status of CME since its October 2005 public
launch at Virus Bulletin 2005. Topics will include the growing involvement of the incident
response community; plans for expanding the scope of the project beyond the current
focus on high-profile malware threats; and case studies illustrating the value of CME to
the security community.
