    US-CERT Malware Naming Plan Faces Obstacles

    By Paul F. Roberts - September 22, 2005

      US-CERT, the U.S. Computer Emergency Readiness Team, will begin issuing uniform names for computer viruses, worms and other malicious code next month, as part of a program called the Common Malware Enumeration initiative.

      The program is intended to clear up confusion that results from the current decentralized system for naming Internet threats, which often results in the same virus or worm receiving different names from different anti-virus vendors.

      However, anti-virus experts say the voluntary CME (Common Malware Enumeration) program will face a number of challenges, including that of responding quickly to virulent virus and worm outbreaks.

      CME is being run by the Mitre Corp., based in Bedford, Mass. and McLean, Va., for the U.S. DHS (Department of Homeland Security) National Cyber Security Division.

      Work was begun on the program about one year ago. So far, CME numbers have been assigned to a handful of critical worms and viruses, said Julie Connolly, principal information security engineer at Mitre.

      New malicious code samples are held for 2 hours and, if no other example of the new code is submitted, assigned a CME number.

      When multiple examples of new malicious code are submitted within the 2-hour window, Mitre will ask anti-virus company researchers to work out conflicts in definitions and submit one or more samples for numbering, Connolly said.

      Contrast that with the present system for naming malicious code, in which each company that discovers a threat assigns it a name based on that company's database of threats.

      Most companies make cursory attempts to synchronize their virus and worm names with those of other vendors, but there are frequent divergences and differences.

      For example, on Sunday, Symantec Corp. issued an alert for a Category 2 mass-mailing worm it named “W32.Lanieca.H@mm.”

      However, Kaspersky Lab, another anti-virus company, named the same worm “Email-Worm.Win32.Tanatos.p,” McAfee Inc. called the threat “W32.Eyeveg.worm” and Trend Micro Inc. called it “WORM-WURMARK.P,” according to Symantec's Web site.

      “Naming is a problem for everybody,” said Bruce Hughes, senior anti-virus researcher at Trend Micro.

      The CME program will help security administrators and end users of anti-virus software, as well as anti-virus companies, Hughes said.

      The new system could make it easier for operations staff at large companies to coordinate response to virus outbreaks, said Erik Johnson, vice president and program manager at Bank of America Corp. in Boston.

      Bank of America has different teams that handle viruses both at the network perimeter and on the company's internal network. In addition, the company uses a number of different anti-virus products simultaneously, he said.

      “For operations folks, it might make a difference,” Johnson said.

      “I don't care what they name them as long as they kill those suckers,” said Hap Cluff, director of IT for the City of Norfolk, Va.

      Cluff said the new naming system will make it easier to respond to questions from users about new viruses and worms.

      How the System Will Play Out

      Currently, Mitre is working with major anti-virus vendors including McAfee, Symantec, Trend Micro, Sophos Plc, F-Secure Corp., Computer Associates International Inc. and Microsoft Corp. to launch the program, but the program is open to smaller anti-virus and security software vendors as well, Connolly said.

      Mitre has created a secure server to which participating anti-virus companies pass their discoveries, and will launch a CME Web site on Oct. 3 that will list about 21 viruses with CME numbers.

      Initially, only high-impact viruses and worms will receive CME numbers, though Mitre may extend CME numbers to lower-level threats once the program is up and running, she said.

      The CME number and links to a description of the threat will appear on a Mitre Web site akin to the CVE (Common Vulnerabilities and Exposures) Web site.

      Anti-virus companies will link to that definition from their own advisories, Trend Micro's Hughes said.

      Vincent Weafer, senior director of security response at Symantec, said the CME number may not be available in the first hours or even days after a big outbreak, but will provide a reference point for a malicious code threat in the weeks, months and years that follow.

      Even more importantly, the common ID number will make it easier to program tools to automatically respond to threats, he said.

      Still, anti-virus experts said they doubted that the new system would eliminate conflicts between vendors, or replace the habit of assigning catchy names like “Code Red” and “Slammer” to viruses.

      “Think about Code Red, AV,” Hughes said. “Anti-virus companies had a different name for that virus, but had to eventually refer to it as Code Red because the name took off—there was a sexiness to it.”
