Synchronized malware identification for the new year
Causing a stir in the anti-virus community last month was the announcement of a new US-led initiative whose aim is to achieve threat synchronization.
The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration (CME) initiative, according to a letter sent to the SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT plans to maintain and coordinate a database of malware identifiers.

The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants ... hopes to address many of the challenges that the anti-malware community currently faces.' The letter acknowledged that the task would not be a straightforward one, saying: 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'
With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats. The initial proposal, therefore, is for representatives of the companies involved to forward samples that are submitted to AVED (Anti-Virus Emergency Discussion network) to US-CERT, allowing US-CERT to generate a CME number for each new threat.
Participants in the initiative acknowledge that this is not an 'end-all' solution to the malware-naming problem, but represents a helpful step forward. VB awaits the introduction of the scheme with interest.
23 December 2004
Tags:
del.icio.us
digg this
Poll
Do you use the same password(s) across multiple websites?Leave a comment
View 4 comments

VB100 certification
This month VB's test team put 26 products to the test on
Windows Server 2008. John Hawes has the full results.
See full results.
Virus Bulletin currently has 190,515 registered users.

