Vendors Team Up to Solve Virus Naming Confusion
A growing group of anti-virus companies are working together to tackle the confusion that grows out of the same malware getting different names from different vendors.
The Common Malware Enumeration (CME) initiative is an industry group formed to provide unique, common names to new malware threats.
There has been quite a bit of confusion of the naming of many different viruses, worms and Trojan horses. Anti-virus vendors, moving quickly to identify and deal with the onslaught of new threats, use their own naming conventions. This means that the same malware might have several different names, confusing security and IT administrators who are trying to learn about the threat and fight it off.
It also means that variants in the same malware family often are given different identifiers. For example, a variant might be called WormX-AA by one company but a different company might call the same variant WormX-AB.
''The benefit is to the end user, so the media and users can call up a virus name and it's all synchronized,'' says Steve Sundermeier, a vice president at Central Command, an anti-virus and anti-spam company that is a member of the CME. ''It's hard to get information on Mytob-FC when other people are calling it Mytob-JT. It's about information sources.''
But Sundermeier says it's not going to be an easy process to get every anti-virus vendor on the same naming page, especially since they are under the gun to get malware identified, named and signatures out to customers as fast as possible. There's no time, he says, to contact other vendors and discuss naming procedures.
''It's more important to get something out and then worry about the naming,'' he says. ''Once it's named, it can be tedious to get it synchronized to another name. We're all working together but it's a pretty hard process... It's easy with malware that's non-spreading... but for something that's very wide-spread, when we only have an hour or two gap for getting the sample and getting a signature for it, there's little time to synchronize the naming.''
Gregg Mastoras, says that's why it's important to have specific processes in place before companies get to the point where they have to name a new virus.
''Anti-virus vendors work together pretty well. We share code,'' says Mastoras, a senior security analyst at Sophos, Inc., an anti-virus and anti-spam company that announced just this week that it joined the CME. ''This is something we have to do to get to a naming structure we can all agree upon.
''It has to be a system that I'd liken to how they predefine hurricane names,'' Mastoras adds. ''They're already set for an upcoming season. We need a preset structure so you know that a virus name will be such and such. It needs to be something that is done quickly, and doesn't slow down the process.''
The CME initiative is sponsored by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security that coordinates response to cyber attacks.