Virus and parasite names to be standardized

The United States Computer Emergency Readiness Team (US-CERT) has come up with an initiative to standardize the names of widespread viruses, Internet worms and other parasites by creating a new common naming system, which should completely eliminate, or at least partially reduce, the confusion caused by the disparate naming schemes used by numerous antivirus vendors and security software companies.

Today’s situation is far from acceptable. Thousands of virus and parasite victims trying to clean up their infected systems cannot figure out, let alone correctly describe, what kind of infection they have, how the threat behaves and what payload it carries. As a result, such users often receive misleading removal instructions and end up with the same badly infected PCs. If you still cannot picture the problem, just take the Esbot.b worm as an example. uses the Esbot.b name for it, Symantec uses the quite similar W32.Esbot.B, Kaspersky – Backdoor.Win32.IRCBot.ex, McAfee – W32/, Sophos – W32/Hwbot-B, Trend Micro – WORM_ESBOT.C, F-Secure – IRCBot.ex and finally Computer Associates – Win32.Esbot.C. All these names refer to one and the same Internet worm.

The new naming scheme is called CME (Common Malware Enumeration). It does not rely on the malware author’s name or on any description he has left in the code. Instead, it uses neutral sequential CME numbers beginning with CME-1. For instance, the standardized name for Esbot.b is CME-284.

A similar naming scheme is already used successfully to standardize the names of security vulnerabilities in software. It is called Common Vulnerabilities and Exposures, or CVE for short. However, CVE differs from CME, as US-CERT decided not to include the date of virus discovery, because most users believe that outdated risks are unable to affect modern systems and cannot pose a serious threat.

The CME project is supported by several major security software vendors, including Microsoft, Symantec, Computer Associates and McAfee. Nevertheless, its real benefit may be limited, as using standardized names is optional and most companies would not withdraw their own naming schemes. Moreover, CME names may be just as confusing as the old names: two completely different security risks may have almost the same numbers, differing by only a single digit.
