Name That Worm

Ant wrote to mention a C|NET article reporting on the Common Malware Enumeration (CME) initiative, now emerging from its test phase. From the article: "Next month, the U.S. Computer Emergency Readiness Team (CERT) plans to officially take the wraps off the effort, meant to reduce the confusion caused by the different names security companies give worms, viruses and other pests. The project assigns a unique identifier to a particular piece of malicious software. When included in security software, in alerts and in virus encyclopedia entries, this identifier should help people determine which pest is hitting their systems and whether they are protected ..."

Proposal

[b100dian]

Run all antiviruses on a machine.
Exec the worm.
Blitblt the screenshot into an OCR buffer.
Compute the name of the worm

extra step: see if all AVs fired: if not so, the naming can become "AV killer"

Compliance will be an issue...

I think the most difficult part of this proposal will be getting the virus writers to include the unique identifier in their code. Besides, isn't the evil bit already supposed to take care of this issue?

Not hard to do

[Red+Flayer]

Why don't we just use the Linnean system?

I'm all about latin names for malware -- for one thing, malware creators won't feel so cool when their piece of code gets designated "Caenorhabditis Crapiticus" of the phylum Nematoda.

Ya know...

[Shadow+Wrought]

It's not a like a hurricane in which everyone can agree on which worm is which. How do you know that Worm Bob really is an unique new worm, and not just a variant of Worm Jimbo? And what happens when the 21 names run out?

CARO?

[Leebert]

Whatever happened to the Compute Antivirus Research Organization (CARO)? I thought they were the de facto standard for naming of viruses.