CME™ provides single, common identifiers to new virus threats to reduce public confusion during malware outbreaks. CME is not an attempt to solve the challenges involved with naming schemes for viruses and other forms of malware, but instead aims to facilitate the adoption of a shared, neutral indexing capability for malware.
Sadly, I see no evidence yet that many AV vendors are ready to adopt it. Having had occasion (again) yesterday to submit undetected malware for analysis to one of my own AV vendors, the response came back:
With regards to the file "Details.exe" submitted by you on 07 Oct 02:20:27 (Australian Eastern Standard Time), we have added detection for Win32.Bagle.CU to the signature files for the VET engine. The Windows PE (I386,EXE) file "Details.exe" has been determined to be malicious. Aliases reported by other AV products are listed here: (W32/Bagle.CW@mm) (Email-Worm.Win32.Bagle.dx) (W32/Bagle.df@MM)
Let's see. That's Win32.Bagle.CU, W32/Bagle.CW@mm, Email-Worm.Win32.Bagle.dx and W32/Bagle.df@MM. Not a single CME-* identifier in sight.
Oh well...