Security sector rethinks common virus names
The antivirus sector has restructured its Common Malware Enumeration (CME) programme that aims to prevent confusion about the nomenclature for major virus and worm outbreaks.
The group responsible for assigning CME names has been expanded to include end-user representatives from major corporations, said Jimmy Kuo, a board member for the programme and research fellow at McAfee.
Initially the group was made up entirely of representatives from antivirus vendors.
“[Consumers] can declare issues and say that they want a CME number associated with it,” said Kuo.
The programme was launched last October by the US Computer Emergency Readiness Team with support from numerous antivirus vendors. It will assign a non-sequential CME-number to major worm outbreaks.
Antivirus vendors historically pick a name for each piece of malware that they detect, but this can lead to confusion as different vendors assign different names. The CME programme aims to provide a common name in such cases.
CME numbers are assigned in a non-sequential order to prevent malware authors from claiming a CME number in their creations.
About 15 CME numbers have been assigned so far, three of which were created since the expansion of the panel last spring.
However, the number of major malware outbreaks has dropped significantly in recent months as malware authors shift from large-scale worm outbreaks to more targeted attacks that try to remain undetected.
But Kuo maintained that the programme has a purpose as long as malware outbreaks are covered in the media.