Security sector rethinks common virus names

The anti virus sector has changed its Common Malware Enumeration (CME) programme that aims to prevent confusion about malware names in major virus and worm outbreaks.

The group triggering when a CME name will be assigned has been expanded with representatives for end users such as major corporations, Jimmy Kuo, a board member for the programme and research fellow with McAfee told vnunet.com. Initially the group was made up entirely of representatives for anti virus vendors.

"[Consumers] can declare issues and tell that they want a CME number associated with it," Kuo said.

The programme was launched last October by the US Computer Emergency Readiness Team (US-CERT) with support from numerous anti virus vendors. It will assign a non-sequential CME-number to major worm outbreaks.

Anti virus vendors historically pick a name for each piece of malware that they detect. As different vendors assign different names, end users can get confused when malware outbreaks are covered in the media. The CME programme aims to provide a common name in these cases.

CME numbers are assigned in a non-sequential order to prevent malware authors from claiming a CME number in their creations. So far about 15 CME numbers have been assigned,three of which were assigned since the expansion of the panel last spring.

The programme is struggling as the number of major malware outbreaks has dropped significantly. Malware authors have shifted from massive worm outbreaks to more targeted attacks that try to remain undetected from security tools.

But Kuo however maintained that the programme has a purpose as long as malware outbreaks are covered in the media.