Saturday, February 04, 2006

CME-24 "Rampage"?

Recent weeks brought one interesting development in security standards. Earlier this year, MITRE announced a Common Malware Enumeration standard(CME). It is somewhat analogous to CVE for vulnerability names.

Despite the painful problems with amazing multitude of virus and worm names, CME initially didn't enjoy wide recognition. However, the recent worm outbreak brought it to light and the name CME-24 was used in some press and advisories instead of Kapser, Nyxem, KillAV, Tearec, W32.Blackmail and other names for the same piece of malware used by the antivirus vendors.

You can get more info on CME at http://cme.mitre.org/data/list.html

This is a significant development which will increase the importance of standards in information security. The worm itself will likely end up being a non-event, but the fact that many sources referred to it as"CME-24" sure has long term consequences.

Dr Anton Chuvakin