US-CERT Malware Naming Plan Faces Obstacles - ' How the System Will '

Currently, Mitre is working with major anti-virus vendors including McAfee, Symantec, Trend Micro, Sophos Plc, F-Secure Corp., Computer Associates International Inc. and Microsoft Corp. to launch the program, but the program is open to smaller anti-virus and security software vendors as well, Connolly said.

Mitre has created a secure server to which participating anti-virus companies pass their discoveries, and will launch a CME Web site on Oct. 3 that will list about 21 viruses with CME numbers.

Initially, only high-impact viruses and worms will receive CME numbers, though Mitre may extend CME numbers to lower-level threats once the program is up and running, she said.

The CME number and links to a description of the threat will appear on a Mitre Web site akin to the CVE (Common Vulnerabilities and Exposures) Web site.

Anti-virus companies will link to that definition from their own advisories, Trend Micro's Hughes said.

Vincent Weafer, senior director of security response at Symantec, said the CME number may not be available in the first hours or even days after a big outbreak, but will provide a reference point for a malicious code threat in the weeks, months and years that follow.

Even more importantly, the common ID number will make it easier to program tools to automatically respond to threats, he said.

Still, anti-virus experts said they doubted that the new system would eliminate conflicts between vendors, or replace the habit of assigning catchy names like "Code Red" and "Slammer" to viruses.

"Think about Code Red, AV," Hughes said. "Anti-virus companies had a different name for that virus, but had to eventually refer to it as Code Red because the name took off—there was a sexiness to it."

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.