No Solution at Hand for the Malware Naming Mess

Opinion: I'm rooting for the Common Malware Enumeration initiative to succeed, but I'm thinking it's just going to be another name in an already crowded field.

In the heat of a malware outbreak there is usually a lot of confusion about which variant of which worm is involved. Is it just a new variant or a completely new worm?

Inconsistencies between vendors about variant indices and virus names add to the confusion.

The latest effort to address this problem is the CME (Common Malware Enumeration) Initiative from a company called MITRE, with sponsorship from US-CERT. These are the same people who brought us CVE (Common Vulnerabilities and Exposures), the project on which CME is based.

The idea is to assign a specific identifier to each malware implementation.

To illustrate the problem, consider the table below containing data from AV-Test, a research project at the Otto-von-Guericke University Magdeburg (Germany).

| Anti-Virus Product | ID For This Virus |
|---|---|
| AntiVir | TR/Bagle.DG |
| AVG | I-Worm/Bagle |
| BitDefender | Win32.Bagle.JK@mm |
| ClamAV | Worm.Bagle.BW |
| Command | W32/Mitglieder.FS |
| Dr Web | Win32.HLLM.Beagle.35146 |
| eSafe | Trojan/Worm (suspicious) |
| eTrust-INO | Win32/Glieder.BN!Trojan |
| eTrust-VET | Win32.Glieder.BV |
| Ewido | Worm.Bagle.ds |
| F-Prot | W32/Mitglieder.FS |
| F-Secure | Email-Worm.Win32.Bagle.ds |
| Fortinet | W32/Bagle.DA-tr |
| Ikarus | Email-Worm.Win32.Bagle.gen |
| Kaspersky | Email-Worm.Win32.Bagle.ds |
| McAfee | New Poly (virus or variant) |
| Nod32 | Win32/Bagle.CT worm |
| Norman | W32/Bagle |
| Panda | W32/Bagle.EN.worm |
| QuickHeal | Bagle.ds |
| Sophos | Troj/BagleDl-U |
| Symantec | Trojan.Tooso.Q |
| Trend Micro | TROJ_BAGLE.DA |
| VBA32 | Email-Worm.Win32.Bagle.ds |
| VirusBuster | Trojan.DL.Bagle.Gen!Pac3 |
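
To put a number on the disagreement in the table, the following Python groups the listed detection names by the family name each vendor chose. It is an added example, not part of the original article or of AV-Test's tooling; the `GENERIC` stop list and the `parse` and `group_by_family` helpers are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Detection names copied from the AV-Test table above (product -> label).
LABELS = {
    "AntiVir": "TR/Bagle.DG", "AVG": "I-Worm/Bagle",
    "BitDefender": "Win32.Bagle.JK@mm", "ClamAV": "Worm.Bagle.BW",
    "Command": "W32/Mitglieder.FS", "Dr Web": "Win32.HLLM.Beagle.35146",
    "eSafe": "Trojan/Worm (suspicious)", "eTrust-INO": "Win32/Glieder.BN!Trojan",
    "eTrust-VET": "Win32.Glieder.BV", "Ewido": "Worm.Bagle.ds",
    "F-Prot": "W32/Mitglieder.FS", "F-Secure": "Email-Worm.Win32.Bagle.ds",
    "Fortinet": "W32/Bagle.DA-tr", "Ikarus": "Email-Worm.Win32.Bagle.gen",
    "Kaspersky": "Email-Worm.Win32.Bagle.ds", "McAfee": "New Poly (virus or variant)",
    "Nod32": "Win32/Bagle.CT worm", "Norman": "W32/Bagle",
    "Panda": "W32/Bagle.EN.worm", "QuickHeal": "Bagle.ds",
    "Sophos": "Troj/BagleDl-U", "Symantec": "Trojan.Tooso.Q",
    "Trend Micro": "TROJ_BAGLE.DA", "VBA32": "Email-Worm.Win32.Bagle.ds",
    "VirusBuster": "Trojan.DL.Bagle.Gen!Pac3",
}

# Tokens that describe platform, malware type or a heuristic verdict rather
# than a family. This stop list is an assumption made for this example.
GENERIC = {"tr", "troj", "trojan", "worm", "i", "email", "win32", "w32", "hllm",
           "dl", "new", "poly", "virus", "or", "variant", "suspicious"}

def parse(label):
    """Guess (family, variant) from one vendor label; None where absent."""
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]
    for i, tok in enumerate(tokens):
        if tok not in GENERIC:
            return tok, (tokens[i + 1] if i + 1 < len(tokens) else None)
    return None, None  # purely generic or heuristic label

def group_by_family(labels):
    """Map each guessed family name to the products that use it."""
    groups = defaultdict(list)
    for product, label in labels.items():
        groups[parse(label)[0]].append(product)
    return dict(groups)

if __name__ == "__main__":
    groups = group_by_family(LABELS)
    for family, products in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        print(f"{family or '(no family named)'}: {len(products)} - {', '.join(products)}")
```

With this stop list, 16 of the 25 products name the family Bagle, seven spread across five other family names, and two give no family name at all.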
