Order To Come To Virus Naming Chaos
By TechWeb News

US-CERT, the federally-funded security clearinghouse, will try to put some
order to the often-chaotic naming of worms and viruses in early 2005, the
organization wrote in a letter sent to a security research group Tuesday.

Virus and worm nomenclature is typically left up to the security vendor
which first discovers the malware. Until 2004 the process worked, more or

But the large scale and rapid release of multiple variants of worms in the
Netsky and Bagle and MyDoom families this year led to confusion, with
firms out of sync in their naming. One vendor would tag a new Bagle as
Bagle.w, for instance, while others would call it Bagle.u or Bagle.t.

Most recently, confusion reigned when some security firms gave a worm an
entirely new name -- "Bofra" -- while others claimed that it was only a
variation of the long-running MyDoom.

"As a 'neutral third party' in the marketplace, US-CERT will coordinate
with security vendors to implement a CME [Common Malware Enumeration]
malware identification scheme," members of US-CERT's CME initiative wrote
in a letter to the SANS Institute's Internet Storm Center. "Limited
operational capability is expected first quarter, 2005; this phase will
concentrate on the most important threats, including the recent

Although there are obstacles to a common naming process -- including time
constraints as anti-virus vendors rush to identify a worm and produce a
defense against it -- US-CERT believes it's for the common good.

"Once all parties adopt a neutral, shared identification method, effective
information sharing can happen faster and with more accuracy, making it
easier to distinguish between very similar threats," the group wrote.

Ripped directly from: http://www.techweb.com/wire/security/54200541

Yay. Yay. Yay!
I can now go give thanks for something and James Gleick can finally get
some sleep. Have a good university holiday, everyone.