Synchronized malware identification for the new year
Causing a stir in the anti-virus community last month was the announcement of a new US-led initiative whose aim is to achieve threat synchronization.
The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration (CME) initiative, according to a letter sent to the SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT plans to maintain and coordinate a database of malware identifiers.
The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants ... hopes to address many of the challenges that the anti-malware community currently faces.' The letter acknowledged that the task would not be a straightforward one, saying: 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'
With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats. The initial proposal, therefore, is for representatives of the companies involved to forward samples that are submitted to AVED (Anti-Virus Emergency Discussion network) to US-CERT, allowing US-CERT to generate a CME number for each new threat.
Participants in the initiative acknowledge that this is not an 'end-all' solution to the malware-naming problem, but represents a helpful step forward. VB awaits the introduction of the scheme with interest.
23 December 2004
