Pierre-Marc Bureau and David Harley, ESET
Years ago, when alt.comp.virus was still useful, 'Name that virus' was a popular virtual party game; virus names were, if not standardized, at least easy to cross-reference with tools like Vgrep. In 2008, the numbers have escalated exponentially, analysis and detection have become increasingly generic, and naming, even for some WildList malware, has become nearly useless because of the difficulty of mapping samples to names.
The CME initiative, while attempting to achieve something many people wanted, seems to have foundered on the rocks of reality. Yet we continue to provide 'top ten' threat lists that have virtually no commonality or consistency across different vendors and sites, so that our customers continue to ask whether we detect the media virus du jour, and the slashdotty community points to us and giggles at our incompetence in failing to provide information about what we detect.
Are all our solutions going generic? Are there ways to resolve this issue so that our customers can understand what's happening and regain some faith in the industry without being hung up on the question 'Do you detect virus X?' We think so, and will discuss some possible approaches in this paper.