Desiree Beck, Julie Connolly The MITRE Corporation
During high-profile malware outbreaks, incident responders often face significant confusion when trying to correlate aberrant system and network behaviour, public and community-specific incident reports, and the protections provided by their anti-virus and information security software. The Common Malware Enumeration (CME) initiative aims to address this confusion by assigning unique identifiers to high profile malware threats. Led by the United States Computer Emergency Readiness Team (US-CERT), CME is working in cooperation with public, private and international entities to adopt a neutral, shared identification method for malware and to improve communication and information sharing between anti-virus vendors and the rest of the information security community. CME is not an attempt to replace current naming schemes for viruses and other forms of malware, but instead aims to facilitate the adoption of a shared, neutral indexing capability for malware.
This paper will update the community on the status of CME since its October 2005 public launch at Virus Bulletin 2005. Topics will include the growing involvement of the incident response community; plans for expanding the scope of the project beyond the current focus on high-profile malware threats; and case studies illustrating the value of CME to the security community.