CME Project Launched

The CME Project was launched on October 5, 2005. This project, also known as the Common Malware Enumeration effort, seeks to provide a standard, vendor-neutral name for malware that appears. For example, instead of a list like Win32/Zotob.F!Wor, Bozori.B, Net-Worm.Win32.Bozori.b, W32/Bozori.worm.b, W32/Zotob-F, W32.Zotob.F, WORM_ZOTOB.F, you'll be able to talk to colleagues about the same threat using a single term, "CME-15" in this case. This is similar to the naming scheme from the CVE project.

The CARO virus naming scheme has been around for many years now (since 1991). However, it is clearly not always followed, doesn't work well in common parlance, and has always been a source of contention with some researchers. Now we have a new scheme, one that's supposedly simpler.

Will the new scheme matter much? In my opinion, it may take a bit to get up to full speed, but this is a welcome proposal. Having seen how we've failed to use the CARO scheme due (in part) to its complexity, the simple CME names make sense. Also, the CVE scheme has worked very well to tag a vulnerability or a threat with a standard identifier. CME could work just as well.

There are some shortcomings, though. For example, there's no way to tag branches in a family, which would have been nice (but, admittedly, the breadth of the grey areas makes this difficult to treat reliably). Also, the website's usefulness at this time (October, 2005) is very limited. There's no searching and no organization other than a simple list on a single page. Finally, how fast will this be updated? New variants appear every few hours, and in some cases these are major issues (i.e., the recent flurry of Zotob activity). The CME project will have some hurdles to jump before it can truly be useful to a wide audience.

October 9, 2005 in editorial, malware, tools