Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


US-CERT Malware Naming Plan Faces Obstacles



 By: Paul F. Roberts
2005-09-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. US-CERT Malware Naming Plan Faces Obstacles
  2. ' How the System Will '

Rate This Article:
Poor Best
US-CERT Malware Naming Plan Faces Obstacles
( Page 1 of 2 )

The Common Malware Enumeration initiative aims to unify the fight against virus and worms, although response time may be an issue.US-CERT, the U.S. Computer Emergency Readiness Team, will begin issuing uniform names for computer viruses, worms and other malicious code next month, as part of a program called the Common Malware Enumeration initiative.

The program is intended to clear up confusion that results from the current decentralized system for naming Internet threats, which often results in the same virus or worm receiving different names from different anti-virus vendors.

However, anti-virus experts say the voluntary CME (Common Malware Enumeration) program will face a number of challenges, including that of responding quickly to virulent virus and worm outbreaks.

CME is being run by the Mitre Corp., based in Bedford, Mass. and McLean, Va., for the U.S. DHS (Department of Homeland Security) National Cyber Security Division.

Work was begun on the program about one year ago. So far, CME numbers have been assigned to a handful of critical worms and viruses, said Julie Connolly, principal information security engineer at Mitre.

New malicious code samples are held for 2 hours and, if no other example of the new code is submitted, assigned a CME number.

Resource Library:
When multiple examples of new malicious code are submitted within the 2-hour window, Mitre will ask anti-virus company researchers to work out conflicts in definitions and submit one or more samples for numbering, Connolly said.

US-CERT warns of attacks on systems running Veritas backup software. Read more here.

Contrast that with the present system for naming malicious code, in which each company that discovers a threat assigns it a name based on that companys database of threats.

Most companies make cursory attempts to synchronize their virus and worm names with those of other vendors, but there are frequent divergences and differences.

For example, on Sunday, Symantec Corp. issued an alert for a Category 2 mass-mailing worm it named "W32.Lanieca.H@mm."

However, Kaspersky Lab, another anti-virus company, named the same worm "Email-Worm.Win32.Tanatos.p," McAfee Inc. called the threat "W32.Eyeveg.worm" and Trend Micro Inc. called it "WORM-WURMARK.P," according to Symantecs Web site.

"Naming is a problem for everybody," said Bruce Hughes, senior anti-virus researcher at Trend Micro.

The CME program will help security administrators and end users of anti-virus software, as well as anti-virus companies, Hughes said.

Click here to read about how long registry names can hide malware.

The new system could make it easier for operations staff at large companies to coordinate response to virus outbreaks, said Erik Johnson, vice president and program manager at Bank of America Corp. in Boston.

Bank of America has different teams that handle viruses both at the network perimeter and on the companys internal network. In addition, the company uses a number of different anti-virus products simultaneously, he said.

"For operations folks, it might make a difference," Johnson said.

"I dont care what they name them as long as they kill those suckers," said Hap Cluff, director of IT for the City of Norfolk, Va.

Cluff said the new naming system will make it easier to respond to questions from users about new viruses and worms.

Next Page: How the system will play out.





  Reader Comments: US-CERT Malware Naming Plan Faces Obstacles
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}ks8q8c=mGJɶkǶon"!c䒔˩'o҃ɜbK@7Fw?Htur5g6%SE}"Iͽ{C(~p(IFA)v@{iFu;A&pTwd>J`OS{SM Ɠ5Y1 |/[S}LF7\3Ѣb ^Pk$ȁ_Mܦ%H#x_ERzGGEQ}!k[1tUN(oT| 0tTǖþ=ay5EhDԤ#|xB'gxd #BE=x:Q/M+l}~DkMmW ؓ׌ڭAx)B(#bF]߂WOCI%_qؓ&thluD`YRi 3< LmfC1kkTR>l[}@ݑ[#XsIzVHaSO*!)lpi+j%yp Ol+;){ uȭB ¿{k߂Cݸ1̷L[b6Z mO |lM=P~ %DhOGHuh3 2 eþ?JP+qV*cxh9ؖ3bTzEÝ7]*UUwݹ)C[w5uP\uNoy\w?//N|'[oL;0QR&jtG,[3sA4 ̠+`W+e`;?{\uz{Kڟ:gw:Rڟ+̪ZUz O{uH2kh`cR^9{dκ7m2 ᭛'SRdt*g3%0N`mYn_H!-a(7fhX@?$eR2-L9X@/@שS Q4VtB=<Lr &@Sk~$GM ]sΚb.L2<|)mZ—W/(AK/-ڊ5f>]Q4{3BɃ`g@ɋ BD4?CzC0!pl/\~_L.΃QwWڲ9Q[ kK\M]ǘ\z댛Vmn׽.~jzmxD18,]evb`\\Է7Z01_@r /*rkh 2ud8԰1nґ>âx_ tSOc|>56㤞F!|Бdmxq#Z. +ԍEXn`Ntho Q٭lE%_¤< ) FA;=H:6(Z\?`c VC@B끂9G׿ޚB"Qފѡ4aqj 8=*~3=w}   @lk 6G[>l03ţN\IQo g dSJJds 4.gH)AH =[h ]99 ŊH~ݑvZ)JPl=!ԑt݁Z|MfJ9cb -d[b}IlΌ eV&vϏaZLbo7], Slo3-muk{\V5ZO4MhFaf{@ZgޓeK0آwBrHC;Ngt 3Awq=7߄s 0aEiŬ9c 9i|X#D3 ݜZ,'1!&B~aZ&4" 7q9yE"TX!3#Ͱ&q_;G+ooznr&=N9;m9R۪vs9n$!+xWY 2gdRU8:[(O7\EYbꁦ5XScX`Dqzb0qm/n)NaV|\vΖuVkͲT]۽/ 7J@4 mVJ2,6@1ٖk_Xt jQWtT(:АTtm6bXdžJ>!1Ad/a:(&u|pöV/UKW+@zESZ2ej=[`B]PeܠQ@3%X3PQ[ lxkuꟺPCߵɧ+|> w=dsgH~vP93?磔YTp$480T]2agRhj]Maf(0q |0b=9ߟ{8[=z,.K y{y]ؕ[RR|~nN >(zp4'Z>pd`/R=:uouj)ӃI ,䧒ZQJ~&[b"ud\6˰@eִ &;rm}' zfdݙ(yR+rf!%֐I4U$\ ؕGQA,~laD[ 5!70MC LK=9>ئQ7Ϗ9(gd%d)>'HV/굄fjhUUԎjV͎^{}|8=edLQp< _p+z]85h?+zGG>s.}O>zN¢ '-h'^+0ZN O*J?#2ByQihw\rR2 S#<~~Ɋ0 ClW͵Y1 pWPVC85 '& R9!GF lʂu!MU,pw]0XAG50qH&G+E685 3#uW:kjS~i h5[S'3?@ōQ 43Sb_@7TvX/=5xEq‡v1ክ543f;Gw6Jh)XS!RW dĞe`׆gQyϤͫh|3 |j3HqGL+ K0RsIl xv@̬;} w1m94c~('cjZ%o XBb>aL:lC30XfSf~+u08n LB l̓a*r16~zzi0b(n<0{L3wJ= Phnj`d6PC*lγ>AqHl\O+'Wa9L97JEVK`zցDZ%yHǞ1]]2Yޘz֩4> ʀ>jxG2cdY JhUm{\ cw2|]>?/$,Rd#q g@Vf2U+WkU"m=,N =X Z=6~ z|IcEijxk(OU?2FRݵJZVwϢ Cg%/&he~6%Kf⸏?͵Z5?c DsBx`fK<@vܖ[J,]A> Ba u( =6Q讻l]!c̞Òf&s,.ҞIG:-ef/T)U :.izIRϢpӁ9t@l~"ڊ te2q{27(۞k-/$xG ?wśn02A l(U˚V*j=ȕe#uL!)W_1|B$r UN7._VZvq *s>PV9ۻBlpI75 ),\<{}RiiԹ>kT Z~px}&uZlb4 LAIP 4p=&YCOՋ2uvֹ wѳy?`y B蕓n߽pZ:Kߧ-?wL.;m)^{#y0WNԺ|>bIN*axݺN8>m48 Z&IEyĘ 3^6"B@ ˸toڷY0pz!vB3ZOUc)zF A0ע:]xy~nU2kq %&*tz̃}E9ǀzB*q\>G:KeP^S(+RJ"4FYO |ڧg <@9FhDu~iGnEr}#fax!wl(q%ӝr*(oBٺCO[,lmSsSdGAGJ脚fye5-eH5NRMLC]OC/%$;kB6z{ gaM.m2jt>6Dr0&@v\f(Ӑ` q.@P)V<(m1n`}Xki-jշΫ؉C6OY̓`((rq]ȩzxXuwX̧E~"rFntL7ýԎ+^@(NEVu2k7x'[_YN.t0믁 89]cޓd=tWcT1;>^Y ]s>ͥ`L̴M\gwh^PD(Vp9c㻞0]vY H-@A FP ߼=Foq>p]9Qz AC`}\0n;z6bOf07)۽l9niamǡ80^t,4P$EUՊZr,WU $]dNFftZt@2&m_%3ٌ<ћ4/ Z2fP:9G׍{qecF0[o{ U"㛟t?h3i8~J}]icVD)]Kĵ"vKJIymQzSDDKh#i>R{+!biqh'pbox? r`f[!rtV>u} 1PZ'˟Cnc is 1JtDy O~U>G:(,cU9Yj=l}D? ekLst?B<rfSw:CF}'<N@R9~"`~oꩇjykHevLϵ` Qɜ`2 eP[>u~Q)2f{Ip;/7>gsJ :>@ו;$Ow哨6QR7_ Ұp=u_0]ME S[b*Z Zw ^ʳb= \W&" Ou߲Z+fF&SO3| EY,`猓d CFCUR|xY oѤx?Cʞڌ,JHq "76蛯;U͠QA/jFi ԥaJ41fX`؁dIsHs0?N۷p` bvC+z! QBDHvx̐O_G>$E,aE,ZH؈Y9Ҕ\9b;T^3aU,~ ^ER%M{>Sy*Ϯ0ڋdJs\覤KLI<!H00p0뙈EK.6wT%$ʶSzl :vzJJ:6Ճ # 8Wԫp,"`SA`$ޫ%/E67xl.Ivt>0Hn(Fha I(rIQ[N 8Ŝ0 _-'=>iv$Bs;X,۳\'JN}'Q*eV_u'gJ ;},Js&5Bi+t$yXθuQb<<<<J{ }5HK:qX[M>L0oRLڏļX?Iuw&PG[нӗ:1g.37E%L)]tS=Q狄ʄUJm{"֠\|˱* M|CH퀆[IF*fVH Kػl͘]q|6堿//B0w"=z!$4~F>z_݌f57V|YISq_?g @.T|-Ѝ6\[C=@F ʧ!3UU!AX>5וkJa+|̔R*F]{F9-(⨩2n?DP-%8ɠ)"(lhF݁"6lCA\ۦ"B75NsI(aVܦƮ"Jfadw|$ƽlE}dLĊhG꨾X:Za(|ߖ3VGBA8AXJo,"%xac8(ĒI g{$h#8࿬lqn/\93͒EˉtMSc%5XP)j~Az)XZbYE-c 2^|X!tOHk˜xf<vlNz ԣ:BMJWрTU"j%gx+ksMnlN!Vy <7L;a&gS;Xif}yj+n-浻3xb(ͪNT`hؓRcsP-*);,OuI,%&"8[Kx6_f~R!gI ] 010Ca^UX+)Z{ʋzhNyʨ۾:(-^awUKpjY\ACX8A ĮvT_aw׭kd5OWD ]%AJ%t@EP]ׯ0Oļ\^sn?`.=YXYrVf;h ͬj-%Vd]FRt3 K?Lut g?^J)m+Q^_fVܞUk **1Xt1ц]3#ZMIhe5J;Y]|_#ƄRSO L-! J!,7\CP |¸)S7W7q+TՕǩod@2<tW\W|Z6KeZ ͦ't Mt.7+ St#?))ځUޒϞ4|، Pm̼DGRSB}o<cb2zވ4pb X$Z`Oh$}b\-RWldb"@՘^U_پkF~hu.uw۷= d#k UCߑ?->'죇B'/ fo1}s~F.+Ja Sٝ;:,˘!.?fC7,>-l  \Zp4pLF}uO9TJƈ\簟aHp=S-.ȘhD MQ VHxLirtv,%"&Ls6@@P0H47g66"))ĴF#1C{x 1)}- I$x0φRǠq|01Faŷ^$l;b21#bH~9gAzJ,/@ } (cU T, !Lz)%n67p>9ovxcJÉ  :\ԝ<exY<>we~t:&>Z!%5KfltQQ(b8M u?83,ȏUHmݜ(8zyPh$`x=9aita~X{dO ( @Ka1c~Po֔J$2 >(%>gėޓtU:]⥫YU^&*RӔ^*BI] / (HZ W@CHIPk;97h\~&["6}9NyY_9+4;g9пNN?ӹ)wrsS?/9ak^ʃʡ*>WUWW9yyß(9_O9P~S7([N_^5u\]_O7GtAts M79O{99c}G௏9 ?~rC;(+;h.;࿻Ku3Ay+GZ7pz~;29)'9R{WKC(gUsVnVa{Cj{U_/Gޫ@Iss=K+ťfW*7yKxM}%k{[Z1iu}חG{1*,xW& )htVydSrbye?VRRw;]Cڤ\j.{]W[O'ikz(#s<2g!gs=* u=}xBߟQǒGЬ]#=D)s\2fAT+6:7q3[ ňàs H? }U?f6>xfOCvHu9i}hl(O>*8z:S w}Y&@Y8'Q?Ѱs3Pj:} m̹H|7v1X90l H͆RiejRߓJn0lFx@Dd10 5ɪ"+uW9 8]V*r `" *s>P`26UF` Ԋz!J1 #4`֭tK_c(wp EЧc gŭH˘E͛YȌMMu?/{_ۉ #Hf@2b/`{z38 EY0` emf.eа!,%sv[F8 S| vț3,>ӈq62s 2&6u;ݙ)a,<T#0? u+6a`类ƝZTœj@@zveN)6v8aIc̈́ݰ%]QO"Kw`/&o.;4mF26Xq?Ihbv]!6 R Ň%?1ȗ3")u= p790Da0'+xVb;`HIأ ^BOvvF{0Fk`c?94Ǟ"(ـħ%IAf:2Ş_ m>Zo/TùLHd v"щ:4W.o N甽aC4u;7eԦu"vnHϵg=8Y0D00Y~l'>FՋpOaHzBG!^AR$~hBP0^R s]qztߘHmgX|@ăx!$<>,D*9"[Io %Q)@EikA/?tI3軉fKNޒ{־8 ;C>Bqb<#U:.~9KT~3)V\wц|7(6؋|%O' /ᄃaH)t&I`_P')F ,M-_vܕeNUhJl;9md2-  Mwخ;Oq^'d9e7 9cHPWWݞ햏 Xo} 8jO.dzl}π!XsCQ%w` }ݟ-Hˍtd_d% d7<l[ +"ۂ  KmӴ1u¥"UXJMRX,8. kl9k ;.~[r"c<[_EڵlAt ] D hymox:" 7]!Kb C>`]R>ǔK ]'[٧3й?-R~/e;͌_X (K# Lwn)ZF1uVBR(at!L?Ua˟]lׁR#nȕ+`jkD]EtẁAw&BTU׮2 X#+7I;s__@>{zwn}#\91V`=sƛ- ɴ{%̅AdaܐdZ-*?҂o/ Q\F$30(y l+m5G0X1+ (R9(t>0 'Ɣ ϰ" ׶9),SכUvU6Upm j ֺWxozc|[0XjPtP>9/0$a1+=:`-hw͙!׆!0ѕDM1F(ͦ,1_<,@} փ W{څGSE6:|,ݐbVS"NdJ i-9=ON*LX6c?tCf *$ @˽ō]Qg*a?:#/ah^8`yj3Sq2$Y":xqeQ T,7/Kc~/By޽K筫#RI>Qv":~vҎ.3Jbq')kw>\Vv/ XںqKOZ?~>6Ҝ%!toY B*Ew:;\HWz C%ȕ/g2F#-<#DYfCժZ-Ni|ӷۊ#iQg8&rYOrե{7 D^4–mJPU&s)c MW\e\)MCS9U2;V&|&Z2cˤ_ lU%