Synchronized malware identification for the new year

Causing a stir in the anti-virus community last month was the announcement of a new US-led initiative whose aim is to achieve threat synchronization.

The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration (CME) initiative, according to a letter sent to the SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT plans to maintain and coordinate a database of malware identifiers.

VB100

The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants ... hopes to address many of the challenges that the anti-malware community currently faces.' The letter acknowledged that the task would not be a straightforward one, saying: 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'

With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats. The initial proposal, therefore, is for representatives of the companies involved to forward samples that are submitted to AVED (Anti-Virus Emergency Discussion network) to US-CERT, allowing US-CERT to generate a CME number for each new threat.

Participants in the initiative acknowledge that this is not an 'end-all' solution to the malware-naming problem, but represents a helpful step forward. VB awaits the introduction of the scheme with interest.

23 December 2004

Tags:    del.icio.us  digg this! digg this

Quick Links



Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments

Jobs Career Sidebar

Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago


virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago


Jobs

In Virus Bulletin's jobs pages among others:
Virus Bulletin currently has 208,224 registered users.