A common vocabulary for virus names

B

Bill Sanderson

http://www.mitre.org/news/releases/05/cme_10_05_2005.html

http://cme.mitre.org/

So--today's outbreak of what McAfee calls Sober.R, is CME-151

Aliases
CME-151, I-Worm.Sober.U (VirusBuster), W32.Sober.Q@mm (Symantec),
W32/Sober-O (Sophos), W32/Sober.R@mm (Frisk), W32/Sober.r@MM!CME-151,
W32/Sober.r@MM!M-151, W32/Sober.Y.worm (Panda), Win32.Sober.S@mm (Softwin)

It would be great if we can encourage posters to use the CME number as much
as possible--this eliminates some major possible confusion, and should
maximize the possibility of finding accurate information on the risks and
cleaning instructions for a given virus.

(and I know this isn't an antivirus group, but there's overlap :)

--
 
D

Dave M

OK Bill nice post... but it leaves me a little more confused. How does this
differ from the VGrep cross reference as posted on the Virus Bullitin
site... Seems like the same subset of players minus F-Secure, but including
a bunch of others that are on VGrep (one notable exception - see list
below). Sounds to me like politics (ie. money) are involved. If you have
any further details I'd be interested. And were is SpyNet/OneCare in all
this frenzy of activity, maybe cause MS isn't in VGrep?

http://www.virusbtn.com/resources/vgrep/which_products/index

Here are the Vgrep players:

a.. ALWIL AVAST! LGUARD 7.70-94 17-Aug-2005
a.. H+BEDV AntiVir/DOS32 6.31.1.0 17-Aug-2005
a.. GRISoft AVG 7.0/718 17-Aug-2005
a.. Kaspersky Lab KavCon 1.0.0.48 17-Aug-2005
a.. SOFTWIN BDC 7.0 17-Aug-2005
a.. Doctor Web DrWebWCL 4.32b 17-Aug-2005
a.. Frisk Software FPCMD 3.15b 17-Aug-2005
a.. McAfee Scan 4.40.0 17-Aug-2005
a.. IKARUS PSCAN 2.27 17-Aug-2005
a.. MkS MkS_vir 2004.08 01-Aug-2005
a.. Symantec SAVCLS 1.0.0.1 17-Aug-2005
a.. Norman NVCC 5.80.02 17-Aug-2005
a.. Panda Antivirus 6.0 PAVCL 17-Aug-2005
a.. Trend Micro VSCANTM 1.0/790 17-Aug-2005
a.. Sophos SAV32CLI 3.96 17-Aug-2005
a.. CA VET RESCUE 10.60.0.43 16-Aug-2005
a.. CA InoculateIT INOCMD32 23.70.13 17-Aug-2005
a.. VirusBuster VirusBuster 1.12.004 7.1490 17-Aug-2005
 
B

Bill Sanderson

I think the lead paragraph here says it pretty well:

http://cme.mitre.org/

"CME provides single, common identifiers to new virus threats to reduce
public confusions during malware outbreaks. CME is not an attempt to solve
the challenges involved with naming schemes for viruses and other forms of
malware, but instead aims to facilitate the adoption of a shared, neutral
indexing capability for malware"

This doesn't look like it replaces VGREP--it isn't going to be used for all
malware--just significant outbreaks--see the site for their definitions of
"significant."

They're just making talking about the subject easier.

Vgrep isn't exactly speedy--this mechanism is intended to be speedy, and
facilitate sample sharing among the participants:

http://cme.mitre.org/cme/process.html





--

Dave M said:
OK Bill nice post... but it leaves me a little more confused. How does
this differ from the VGrep cross reference as posted on the Virus Bullitin
site... Seems like the same subset of players minus F-Secure, but
including a bunch of others that are on VGrep (one notable exception - see
list below). Sounds to me like politics (ie. money) are involved. If you
have any further details I'd be interested. And were is SpyNet/OneCare in
all this frenzy of activity, maybe cause MS isn't in VGrep?

http://www.virusbtn.com/resources/vgrep/which_products/index

Here are the Vgrep players:

a.. ALWIL AVAST! LGUARD 7.70-94 17-Aug-2005
a.. H+BEDV AntiVir/DOS32 6.31.1.0 17-Aug-2005
a.. GRISoft AVG 7.0/718 17-Aug-2005
a.. Kaspersky Lab KavCon 1.0.0.48 17-Aug-2005
a.. SOFTWIN BDC 7.0 17-Aug-2005
a.. Doctor Web DrWebWCL 4.32b 17-Aug-2005
a.. Frisk Software FPCMD 3.15b 17-Aug-2005
a.. McAfee Scan 4.40.0 17-Aug-2005
a.. IKARUS PSCAN 2.27 17-Aug-2005
a.. MkS MkS_vir 2004.08 01-Aug-2005
a.. Symantec SAVCLS 1.0.0.1 17-Aug-2005
a.. Norman NVCC 5.80.02 17-Aug-2005
a.. Panda Antivirus 6.0 PAVCL 17-Aug-2005
a.. Trend Micro VSCANTM 1.0/790 17-Aug-2005
a.. Sophos SAV32CLI 3.96 17-Aug-2005
a.. CA VET RESCUE 10.60.0.43 16-Aug-2005
a.. CA InoculateIT INOCMD32 23.70.13 17-Aug-2005
a.. VirusBuster VirusBuster 1.12.004 7.1490 17-Aug-2005
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

new doom varient? 3

Top