Synchronized malware identification for the new year

Causing a stir in the anti-virus community last month was the announcement of a new US-led initiative whose aim is to achieve threat synchronization.

The US Department of Homeland Security's Computer Emergency Readiness Team, US-CERT, is set to coordinate a Common Malware Enumeration (CME) initiative, according to a letter sent to the SANS Institute and signed by representatives of the DHS, Symantec, Microsoft, McAfee, and Trend Micro. Rather like Mitre Corp's Common Vulnerabilities and Exposures (CVE) list, US-CERT plans to maintain and coordinate a database of malware identifiers.

The letter stated: 'By building upon the success of CVE and applying the lessons learned, US-CERT, along with industry participants ... hopes to address many of the challenges that the anti-malware community currently faces.' The letter acknowledged that the task would not be a straightforward one, saying: 'There are significant obstacles to effective malware enumeration, including the large volume of malware and the fact that deconfliction [sic] can be difficult and time-consuming.'

With such an enormous task ahead, the enumeration project will make a start with just the 'major' threats. The initial proposal, therefore, is for representatives of the companies involved to forward samples that are submitted to AVED (Anti-Virus Emergency Discussion network) to US-CERT, allowing US-CERT to generate a CME number for each new threat.

Participants in the initiative acknowledge that this is not an 'end-all' solution to the malware-naming problem, but represents a helpful step forward. VB awaits the introduction of the scheme with interest.

Posted on 23 December 2004 by Virus Bulletin.  digg this! digg this

Quick Links

Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

Virus Bulletin
In this month's magazine:
  • VBSpam comparative review March 2014
  • VB100 comparative review on Ubuntu Server 12.04LTS
  • The shape of things to come
  • Threat intelligence sharing: tying one hand behind our backs
  • The curse of Necurs, part 1
  • More fast or more dirty?
  • Tofsee botnet
  • Back to VBA
  • Is the security industry up to the new challenges to come?
  • Greetz from academe: No place to Hyde
Virus Bulletin 04 2014
Subscribe now!

Virus Bulletin currently has 231,336 registered users.