Standardised malware naming for the new year

An end to the virus-naming problem?

A new initiative that aims to standardise malware naming may be in operation as early as January 2005.

The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration initiative among anti-virus vendors, according to a letter sent to The SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT will maintain and coordinate a database of malware identifiers.

The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants... hopes to address many of the challenges that the anti-malware community currently faces.' With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats.

The letter acknowledged that the task would not be a straightforward one, saying, 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'

Further details of the scheme were not available, but a pilot is planned for January 2005.

VB doubts whether the anti-virus industry's most contentious issue will be laid to rest without a hefty struggle, but awaits the introduction of the scheme with interest.

Read some views on the thorny issue of virus-naming:

- What's in a name? (Nick FitzGerald, June 1998)

- What's in a name? (Jakub Kaminski, Nov 2001)

- A virus by any other name - virus naming updated (Nick FitzGerald, Jan 2003)

- That which we call Rose.A (Sarah Gordon, March 2003)

- Hunting the UNICORN (Andrew Lee, May 2004)

- VGrep

25 November 2004

Tags: del.icio.us digg this