Common Malware Enumeration (CME)

News & Events (2006 Archive)

November 7, 2006

New CME Identifier Released: CME-416

CME-416 was assigned on November 6, 2006. Aliases for this threat include Authentium: W32/Warezov.GC; Avira: TR/Dldr.Stration.C; CA: Win32/Stration.Variant!Worm; ClamAV: Worm.Stration.LY; ESET: Win32/Stration.NO; Fortinet: W32/Stration.DS@mm; Grisoft: I-Worm/Stration; Kaspersky: Worm.W32.Warezov.ez; McAfee: W32/Stration@MM; Microsoft: Win32/Stration.DH@mm!CME-416; Norman: W32/Stration.ATT; Panda: W32/Spamta.KG.worm; Sophos: W32/Strati-Gen; Symantec: W32.Stration.DL@mm; and Trend Micro: WORM_STRAT.DR.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.

CME Now Assigning Identifiers to Most Prevalent Virus Threats in the Wild

As of November 2006, CME will be assigning identifiers to the most prevalent virus threats in the wild. While only a handful of threats are expected to be submitted by CME vendor organizations, identifier assignment for the virus threats most commonly found in the wild will enable CME to more completely mitigate consumer confusion. Please contact cme@mitre.org with any comments or concerns.

CME Presents Briefing at Virus Bulletin Conference on October 13th

MITRE presented a briefing entitled "The Common Malware Enumeration Initiative" at the Virus Bulletin Conference 2006 on October 13th, 2006, at the Queen Elizabeth hotel, in Montréal, Québec, Canada. The conference, which ran October 11th-13th, exposed CME to "dedicated anti-virus researchers to security professionals from government and military organizations, legal, financial and educational institutions, and some of the world's largest international corporations."

Visit the CME Calendar page for information about this and other upcoming events.

CME Hosts Booth at FIAC 2006

MITRE hosted a CME/CVE/CCE/CWE/OVAL exhibitor booth at Federal Information Assurance Conference (FIAC) 2006, October 25–26, 2006, at the Inn and Conference Center, University of Maryland University College, in Adelphi, Maryland, USA. The conference exposed CME, CVE, CCE, CWE, and OVAL to network and systems administrators, security practitioners, acquisition and procurement officials, systems security officers, federal managers, accreditors, and certifiers from numerous agencies of the U.S. federal government.

Visit the CME Calendar page for information about this and other upcoming events.


October 2, 2006

CME to Present Briefing at Virus Bulletin Conference on October 13th

MITRE is scheduled to present a briefing entitled "The Common Malware Enumeration Initiative" at the Virus Bulletin Conference 2006 on October 13th, 2006, at the Queen Elizabeth hotel, in Montréal, Québec, Canada. The conference, which runs October 11th-13th, will expose CME to "dedicated anti-virus researchers to security professionals from government and military organizations, legal, financial and educational institutions, and some of the world's largest international corporations."

Visit the CME Calendar page for information about this and other upcoming events.

CME to Host Booth at FIAC 2006

MITRE is scheduled to host a CME/CVE/CCE/CWE/OVAL exhibitor booth at Federal Information Assurance Conference (FIAC) 2006, October 25–26, 2006, at the Inn and Conference Center, University of Maryland University College, in Adelphi, Maryland, USA. The conference will expose CME, CVE, CCE, CWE, and OVAL to network and systems administrators, security practitioners, acquisition and procurement officials, systems security officers, federal managers, accreditors, and certifiers from numerous agencies of the U.S. federal government.

Visit the CME Calendar page for information about this and other upcoming events.

CME Hosts Booth at IT Security World 2006

MITRE hosted a CME/CVE/CCE/CWE/OVAL exhibitor booth at MISTI's IT Security World 2006 on September 25-27, 2006 at the Fairmont Hotel in San Francisco, California, USA. The conference exposed CME, CVE, CCE, CWE, and OVAL to security professionals from industry, government, and academia charged with developing and running their organizations' information security programs.

Visit the CME Calendar page for information on this and other upcoming events.


September 7, 2006

CME to Host Booth at IT Security World 2006

MITRE is scheduled to host a CME/CVE/CCE/CWE/OVAL exhibitor booth at MISTI's IT Security World 2006 on September 25-27, 2006 at the Fairmont Hotel in San Francisco, California, USA. The conference will expose CME, CVE, CCE, CWE, and OVAL to security professionals from industry, government, and academia charged with developing and running their organizations' information security programs.

Visit the CME Calendar page for information on this and other upcoming events.

Photos of CME Booth at Black Hat 2006

MITRE hosted a CME/CVE/CWE/OVAL exhibitor/meeting booth at Black Hat Briefings 2006 on August 2nd - 3rd, 2006 in Las Vegas, Nevada, USA. Photos from the event are included below:


Visit the CME Calendar page for information on this and other upcoming events.


August 14, 2006

New CME Identifier Released: CME-482

CME-482 was assigned on August 14, 2006. Aliases for this threat include Avira: Worm/IRCBot.9609; Authentium: W32/Ircbot.TU; CA: Win32/Cuebot.J!Worm; ClamAV: Trojan.IRCBot-689; ESET: Win32/IRCBot.OO; Fortinet: W32/Graweg.B!tr.bdr; Grisoft: BackDoor.Generic3.GBC!CME-482; Kaspersky: Backdoor.Win32.IRCBot.st; McAfee: IRC-Mocbot!MS06-040; Microsoft: backdoor:Win32/Graweg.A; Panda: W32/Oscarbot.KD.wor; Sophos: W32/Cuebot-L; Symantec: W32.Wargbot; and Trend Micro: WORM_IRCBOT.JL.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.

New CME Identifier Released: CME-762

CME-762 was assigned on August 14, 2006. Aliases for this threat include Avira: Worm/IRCBot.9374; Authentium: W32/Ircbot.TT; CA: Win32/Cuebot.K!Worm; ClamAV: Trojan.IRCBot-690; ESET: Win32/IRCBot.OO; Fortinet: W32/Graweg.A!tr.bdr; Grisoft: BackDoor.Generic3.GBB!CME-762; Kaspersky: Backdoor.Win32.IRCBot.st; Microsoft: backdoor:Win32/Graweg.B; McAfee: IRC-Mocbot!MS06-040; Panda: W32/Oscarbot.KD.wor; Sophos: W32/Cuebot-M; Symantec: W32.Wargbot; and Trend Micro: WORM_IRCBOT.JK.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.

Important Message about CME Web Site Availability

Due to electrical system maintenance, the CME Web site will be unavailable from 5:00am on Saturday August 19th, 2006 through 2:00am on Sunday August 20th, 2006. We apologize for any inconvenience. Please contact cme@mitre.org with any comments or concerns.


August 3, 2006

New CME Sample Redistribution Group Member

AhnLab has joined the CME Sample Redistribution Group.

CME Mentioned in Article in Virus Bulletin

CME was mentioned in an article abstract entitled "Ally in our defences" on Virus Bulletin. CME is mentioned when the author states: "Two details we find valuable that are often missing from virus information are alias names and timestamps that reflect data changes. Providing alias names on all threats would allow the group that provides our monitoring service to correlate the information amongst vendors more easily. We are not suggesting that vendors provide every single alias name available, but provide at least a fair sampling. Of course having a Common Malware Enumeration (CME-ID) identifier for all threats would be the optimum situation. When vendors use a timestamp to reflect changes to their write-ups, we can peruse their sites more easily. Because we seek so much information, we need to be able to find new information quickly, without having to re-read the original details." This January 1, 2006 opinion article was written by Jeannette Jarvis of Boeing Company.

CME Hosts Booth at Black Hat Briefings 2006

MITRE hosted a CME/CVE/CWE/OVAL exhibitor/meeting booth at Black Hat Briefings 2006 on August 2nd - 3rd, 2006 at Caesars Palace in Las Vegas, Nevada, USA. The event exposed CME, CWE, OVAL, and CVE to a diverse audience of information security-focused attendees from around the world.

Visit the CME Calendar page for information on this and other upcoming events.


July 13, 2006

CME List Now Available as an XML Download

The CME List is now available for download as an XML file. Users may download the CME List by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button also located in the upper-right corner of the CME List page.

CME to Host Booth at Black Hat Briefings 2006

MITRE is scheduled to host a CME/CVE/CWE/OVAL exhibitor/meeting booth at Black Hat Briefings 2006 on August 2nd - 3rd, 2006 at Caesars Palace in Las Vegas, Nevada, USA. The event will expose CME, CWE, OVAL, and CVE to a diverse audience of information security-focused attendees from around the world.

Visit the CME Calendar page for information on this and other upcoming events.

CME Mentioned in Article about Information Security Standards Efforts in IEEE Distributed Systems Online

CME was mentioned in an article about security standards efforts entitled "Functionality Meets Terminology to Address Network Security Vulnerabilities" in the June 2006 issue of IEEE Distributed Systems Online. The main focus of the article is the success of the Common Vulnerabilities and Exposures (CVE) standard and of the U.S. National Vulnerability Database (NVD), which is built upon CVE identifiers.

CME is mentioned in a section entitled "New efforts round out the landscape" as a follow-on standards effort that is attempting to "standardize virus nomenclature" by providing single, common identifiers to virus threats to reduce public confusion during malware outbreaks and to facilitate the adoption of a shared, neutral indexing capability for malware. The article concludes with a quote by CVE Compatibility Program Lead Robert A. Martin, who comments on the purpose behind these other information security standards efforts: "People are so used to selecting the vendor and that's kind of the core they build out from. What we want them to do is get married to enabling standards and then build around that."

CME, CVE, and NVD are sponsored by the U.S. Department of Homeland Security.


June 29, 2006

New CME Identifier Released: CME-136

CME-136 was assigned on June 29, 2006. Aliases for this threat include Avira: W2000M/Kukudro.C; Authentium: W97M/Kukudro.C; CA: W97M/Kukudro.B:trojan; ClamAV: Trojan.Dropper.MSWord.MyNo-3; ESET: W97M/TrojanDropper.Lafool.NAA; Fortinet: WM/Kukudro.C; GRISOFT: W97M/Kukudro; H+BEDV: W2000M/Kukudro.C; Kaspersky: Trojan-Dropper.MSWord.Lafool.j; McAfee: W97M/Kukudro.c; Microsoft: W97M/Kukudro.C!CME-136; Panda: W97/Kukudro.C!CME-136; Sophos: WM97/Kukudr-Fam; and Symantec: W97M.Kukudro.A.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.


June 28, 2006

New CME Identifier Released: CME-745

CME-745 was assigned on June 28, 2006. Aliases for this threat include Avira: W2000M/Kukudro.A; Authentium: W97M/Kukudro.A; CA eTrust InoculateIT: W97M/Kukudr; ClamAV: Trojan.Dropper.MSWord.MyNo-1; ESET: W97M/TrojanDropper.Lafool.I; F-Secure: Kukudro.A; Fortinet: WM/Lafool.I!tr; GRISOFT: W97/Kukudro; H+BEDV: W2000M/Kukudro.A; Kaspersky: Trojan-Dropper.MSWord.Lafool.i; McAfee: W97M/Kukudro.a!CME-745; Microsoft: W97M/Kukudro.A!CME-745; Norman: W97M/Pricheck.A; Panda: W97/Kukudro.A!CME-745; Sophos: WM97/Kukudro-A; Symantec: W97M.Kukudro.A; and Trend Micro: W97M_DLOADER.BKV.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.

New CME Identifier Released: CME-476

CME-476 was assigned on June 28, 2006. Aliases for this threat include Avira: W2000M/Kukudro.B; Authentium: W97M/Kukudro.B; CA: W97M/Pricheck.B; ClamAV: Trojan.Dropper.MSWord.MyNo-2; ESET: W97M/TrojanDropper.Lafool.NAA; Fortinet: WM/Kukudro.B; GRISOFT: W97M/Kukudro; H+BEDV: W2000M/Kukudro.B; Kaspersky: Trojan-Dropper.MSWord.Lafool.j; McAfee: W97M/Kukudro.b!CME-476; Microsoft: W97M/Kukudro.B!CME-476; Panda: W97/Kukudro.A; Sophos: WM97/Kukudro-B; Symantec: W97M.Kukudro.A; and Trend Micro: W97M_DLOADER.BVS.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.


June 15, 2006

Windows Live One Care Includes CME-ID as Alias

A CME identifier is included as an alias in Microsoft Corporation's Windows Live One Care "Virus Encyclopedia." CME-24 was included as an alias for Win32/Mywife.E@mm. Other encyclopedia entries also include CME-IDs. Microsoft previously issued a security advisory on January 30, 2006 that referenced CME-24.

See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.


June 2, 2006

Viruspool Includes CME-ID as Alias

A CME identifier is included as an alias in the Viruspool database. CME-24 was included as an alias for W32/Nyxem-D. Other entries in the database will also include CME-IDs. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.


May 19, 2006

CME Identifiers Included in March 2006 Update of WildList

Seven CME identifiers (CME-IDs) have been included in the March 2006 update to the WildList, a "cooperative listing of viruses reported as being in the wild by 80 virus information professionals." Many organizations participating on the WildList are also members of the CME Editorial Board and CME Sample Redistribution Group.

CME-IDs are included as aliases for the following:

Visit the CME List for a complete description of these and all CME identifiers. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

Arbor Networks Press Release Announces Participation in CME Initiative

CME was the main topic of a March 27, 2006 news release from Arbor Networks entitled "Arbor Networks Joins MITRE's Common Malware Enumeration (CME) Editorial Board." The release describes what CME is, notes the main purpose of CME is to facilitate the adoption of a shared neutral indexing capability for malware, and describes the role of the CME Editorial Board.

The release also includes a quote from Jose Nazario, senior security engineer and worm researcher at Arbor Networks, who states: "Arbor Networks is excited to work with the anti-virus community, MITRE and US-CERT to address the many challenges in fighting malware threats today. CME will become a vital component of any timely, complete anti-malware solution, and we're proud to offer a unique, network-centric perspective to the board to help better define malware that threatens enterprise networks daily."

Arbor Networks is a member of the CME Editorial Board and the CME Sample Redistribution Group.


May 3, 2006

CME Presents Briefing at GFIRST National Conference 2006

CME Program Manager Julie Connolly and OVAL Technical Lead Matthew N. Wojcik presented a briefing on May 3, 2006 entitled "Vulnerability, Secure Configuration, and Malware Information Exchange Using CVE, OVAL, and CME" at the Government Forum of Incident Responders and Security Teams (GFIRST) second annual "GFIRST National Conference 2006" in Orlando, Florida, USA.

The presentation examined MITRE's three DHS-sponsored security information exchange initiatives — Common Malware Enumeration (CME), Open Vulnerability and Assessment Language (OVAL), and Common Vulnerabilities and Exposures (CVE) — including the purpose of each effort, its goals, participants, future plans, and how each effort benefits the incident response community.

Visit the CME Calendar page for information on this and other upcoming events.

CME Presents Briefing at EICAR Conference

CME Team Member Michael Michnikov presented a briefing on May 1, 2006 entitled "The Common Malware Enumeration Initiative: An Update" at the European Institute for Computer Anti-Virus Research (EICAR) Conference in Hamburg, Germany. The presentation provided a status report of CME since October 2005 when the initiative was publicly launched, and included a discussion of the role of CME member groups (e.g., technical feedback group); plans for expanding the scope of the project beyond the current focus on high-profile malware threats; and a case study illustrating the value of CME to the security community.

The theme of the conference itself, which ran April 30th - May 2nd, was "Security in the Mobile and Networked World" with a focus on malware and anti-virus, critical infrastructure protection, ICT security and policy management, network-enabled capabilities, cyber crime and terrorism, and privacy and data protection.

Visit the CME Calendar page for information on this and other upcoming events.


April 19, 2006

New CME Sample Redistribution Group Member

iPolicy Networks Pvt Ltd has joined the CME Sample Redistribution Group.

AEC Ltd. Includes CME-ID as Alias in Virus Alert

CME-151 is included as an alias in a virus alert from AEC Ltd. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

Photos from CME Booth at InfoSec World 2006

MITRE hosted a CME/OVAL/CVE exhibitor booth at MISTI's InfoSecWorld 2006 Conference & Expo on April 3rd - 4th in Orlando, Florida, USA. Photos from the event are included below:


Visit the CME Calendar page for information on this and other upcoming events.


April 6, 2006

SPAMfighter Includes CME-ID as Alias in Virus Alert

A CME identifier is included as an alias in a December 2, 2005 VIRUSfighter alert from SPAMfighter. CME-681 was included as an alias for W32/Sober.AA@mm. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

CME to Present Briefing at GFIRST National Conference 2006 on May 3rd

CME Program Manager Julie Connolly and OVAL Technical Lead Matthew N. Wojcik are scheduled to present a briefing on May 3, 2006 entitled "Vulnerability, Secure Configuration, and Malware Information Exchange Using CVE, OVAL, and CME" at the Government Forum of Incident Responders and Security Teams (GFIRST) second annual "GFIRST National Conference 2006" at the Doubletree Hotel in Orlando, Florida, USA.

The presentation will examine MITRE's three DHS-sponsored security information exchange initiatives: Common Vulnerabilities and Exposures (CVE), Open Vulnerability and Assessment Language (OVAL), and Common Malware Enumeration (CME). The presentation will begin with the most established project, CVE, move to OVAL, the increasingly popular language for specifying system state information, and finish with the newest initiative for malware, CME. The purpose of each effort, its goals, participants, and future plans will be reviewed. How each effort benefits the incident response community will also be reviewed.

Visit the CME Calendar page for information on this and other upcoming events.

CME to Present Briefing at EICAR Conference on May 1st

CME Team Member Michael Michnikov is scheduled to present a briefing on May 1, 2006 entitled "The Common Malware Enumeration Initiative: An Update" at the European Institute for Computer Anti-Virus Research (EICAR) Conference at the Hotel Hafen Hamburg, in Hamburg, Germany. The presentation will provide a status report of CME since October 2005 when the initiative was publicly launched, and will include a discussion of the role of CME member groups (e.g., technical feedback group); plans for expanding the scope of the project beyond the current focus on high-profile malware threats; and a case study illustrating the value of CME to the security community.

The theme of the conference itself, which runs April 30th - May 2nd, is "Security in the Mobile and Networked World" with a focus on malware and anti-virus, critical infrastructure protection, ICT security and policy management, network-enabled capabilities, cyber crime and terrorism, and privacy and data protection.

Visit the CME Calendar page for information on this and other upcoming events.

CME Hosts Booth at MISTI's InfoSec World 2006, April 3-4

MITRE hosted a CME/OVAL/CVE exhibitor booth at MISTI's InfoSecWorld 2006 Conference & Expo on April 3rd - 4th at the Coronado Springs Resort in Orlando, Florida, USA. The conference exposed CME, OVAL, and CVE to a diverse audience of attendees from the banking, finance, real estate, insurance, and health care industries, among others. The conference was targeted to information security policy and decision makers from these and other industries, as well as directors and managers of information security, CIOs, network and systems security administrators, IT auditors, systems planners and analysts, systems administrators, software and application developers, engineers, systems integrators, strategic planners, and other information security professionals. Organizations listed on the Products and Services Including CME Identifiers page also exhibited.

Visit the CME Calendar page for information on this and other upcoming events.


March 23, 2006

New CME Sample Redistribution Group Member

Eset LLC has joined the CME Sample Redistribution Group.

Aladdin Knowledge Systems Includes CME-ID as Alias in Threat Alert

A CME identifier is included as an alias in a January 16, 2006 threat alert from Aladdin Knowledge Systems, Inc. CME-24 was included as an alias for Win32.VB.bi. Other alerts also include CME-IDs. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

CME to Host Booth at MISTI's InfoSec World 2006, April 3-4

MITRE is scheduled to host a CME/OVAL/CVE exhibitor booth at MISTI's InfoSecWorld 2006 Conference & Expo on April 3rd - 4th at the Coronado Springs Resort in Orlando, Florida, USA. The conference will expose CME, OVAL, and CVE to a diverse audience of attendees from the banking, finance, real estate, insurance, and health care industries, among others. The conference is targeted to information security policy and decision makers from these and other industries, as well as directors and managers of information security, CIOs, network and systems security administrators, IT auditors, systems planners and analysts, systems administrators, software and application developers, engineers, systems integrators, strategic planners, and other information security professionals. Please stop by Booth 436 and say hello. In addition, organizations listed on the Products and Services Including CME Identifiers page will also be exhibiting.

Visit the CME Calendar page for information on this and other upcoming events.

CME Presents Briefing at MISTI's FISMA Risk Management & Compliance Training Symposium on March 14th

CME Team Member Robert A. Martin presented a briefing on March 14, 2006 entitled "Program Automation and Standards: The Key to Economic FISMA Compliance" at MIS Training Institute's (MISTI) "FISMA Risk Management & Compliance Training Symposium" in Washington, D.C., USA. FISMA is the Federal Information Security Management Act of 2002, which provides the framework for securing the U.S. government's information technology.

Topics covered in the briefing session included standards-based vulnerability and remediation capabilities; Open Vulnerability and Assessment Language (OVAL); standards-compliant test rules to drive assessment and reporting using commercial products; leveraging OVAL-compliant versions of the DISA STIGS or CIS benchmarks with commercial tools; improving reporting of vulnerability and configuration status for FISMA; and leveraging automation and standards to make FISMA reporting economical.

Visit the CME Calendar page for information on this and other upcoming events.


March 21, 2006

New CME Identifier Released: CME-934

CME-934 was assigned on March 20, 2006. Aliases for this threat include Authentium: W32/Downloader.SEL@dl; Aladdin Knowledge Systems: Win32.Agent.adu; Avira: TR/Dldr.Small.NIH; CA: Win32/Clagger.Q; ClamAV: Trojan.Downloader.Small-1133; ESET: Win32/TrojanDownloader.Small.NIH; Fortinet: W32/Small.NIJ!dldr; Grisoft: Generic.QYK; H+BEDV: TR/Dldr.Small.NIH; iDefense: Agent.ACX; Kaspersky: Trojan-Downloader:Win32.Agent.adu; McAfee: Downloader-ATM!CME-934; Microsoft: TrojanDownloader:Win32/Clagger.C!CME-934; Norman: W32/Clagger.C; Panda: Trj/Nabload.CC!CME-934; Sophos: Troj/Clagger-K; Symantec: PWSteal.Tarno.T; and Trend Micro: TROJ_CLAGGER.D.

Visit the CME List for a complete description of this and other CME identifiers. Notification of new CME identifiers is available from our RSS feed. Subscribe to the feed by clicking on the RSS or XML buttons located in the upper-right corner of the CME List page.


March 8, 2006

Microsoft Aliases Added to CME List

Microsoft Corporation's malware aliases have been added to the appropriate CME identifiers on the CME List page. Including vendor aliases enables users to review a CME-ID and then follow the URL for one or more of the vendor aliases to retrieve additional data about the threat and/or, depending on the vendor, fix information.

CASEScontact Threat Advisory Includes CME-ID as Alias

A CME identifier is included as an alias in a February 2, 2006 threat advisory from CASEScontact.org. CME-24 was included as an alias for W32.Blackmal.E@mm. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

JANET-CERT Includes CME Identifier in Virus Alert

JANET-CERT, the UK's education and research network, issued an advisory on January 25, 2006 that referenced CME-24. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

Indian CERT Includes CME Identifier in Virus Alert

Indian CERT (CERT-In) issued a virus alert on January 23, 2006 that referenced CME-24. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

CME to Present Briefing at MISTI's FISMA Risk Management & Compliance Training Symposium on March 14th

CME Team Member Robert A. Martin is scheduled to present a briefing on March 14, 2006 entitled "Program Automation and Standards: The Key to Economic FISMA Compliance" at MIS Training Institute's (MISTI) "FISMA Risk Management & Compliance Training Symposium" in Washington, D.C., USA. FISMA is the Federal Information Security Management Act of 2002, which provides the framework for securing the U.S. government's information technology.

Topics that will be covered in the briefing session include standards-based vulnerability and remediation capabilities; Open Vulnerability and Assessment Language (OVAL); standards-compliant test rules to drive assessment and reporting using commercial products; leveraging OVAL-compliant versions of the DISA STIGS or CIS benchmarks with commercial tools; improving reporting of vulnerability and configuration status for FISMA; and leveraging automation and standards to make FISMA reporting economical.

Visit the CME Calendar page for information on this and other upcoming events.


February 22, 2006

'Scope of CME Implementation' Added to CME Web Site

A Scope of CME Implementation section has been added to the homepage of the CME Web site. The new section explains how the current implementation of CME addresses high-profile threats, and how we are working to address more localized, targeted threats for the future of CME.

CME Hosts Booth at RSA Conference 2006, February 13-17

MITRE hosted a CME/OVAL/CVE exhibitor booth at RSA Conference 2006 on February 13-17, 2006 at the McEnery Convention Center, in San Jose, California, USA. The RSA Conference provides a forum for information security professionals and visionaries to "exchange and collaborate in a dynamic, authoritative setting." The event introduced CME, OVAL, and CVE to security professionals from industry, government, and academia from around the world. Organizations listed on the Products and Services Including CME Identifiers page also exhibited.

Photos from the event are included below:


Visit the CME Calendar for information or contact cme@mitre.org to have CME present a briefing or participate in a panel discussion about CME, OVAL, CVE, and/or other vulnerability management topics at your event.

CME-24 Main Topic of Article on '24-Hour Technology News' Section of Sacramento Bee Web Site

CME-24 was the main topic of a February 4, 2006 article on the '24-Hour Technology News' section of the Sacramento Bee newspaper Web site entitled "Computer worm causes little damage." The article describes the threat using CME-24 as its name and calls it the "official name" for the threat. The article also discusses the amount of damage it caused. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on Comcast.net

CME-24 was the main topic of a February 3, 2006 article on the 'Technology News' section of Comcast.net entitled "Researchers Fear Confusion on Worm Name." The article describes the threat using CME-24 as its name and calls it the "official name" for the threat. The article also describes what CME is and isn't, notes that the effort is sponsored by the U.S. Department of Homeland Security, and provides a link to the CME Web site. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on BBC News

CME-24 was the main topic of a February 3, 2006 article on the BBCNews.com Web site entitled "'Limited' damage from Nyxem virus." The article describes the threat using CME-24 as its name and discusses the amount of damage it caused. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on AOL News

CME-24 was the main topic of a February 3, 2006 article on the AOL News Web site entitled "Worm May Damage Files on Feb. 3rd." The article describes the threat and mentions CME-24 as one of the aliases. Details about CME-24 and all CME identifiers are available on the CME List.


February 16, 2006

New CME Identifier Released: CME-4

CME-4 was assigned on February 16, 2006. Aliases for this threat include Authentium: MacOS/Leap.A; Avira: MacOS/Leap.A; CA: OSX/Leap.A; ClamAV: Trojan.Leap.A; ESET: Mac/Leap.A; Fortinet: OSX/Leap!worm; F-Secure: Leap.A; H+BEDV: MacOS/Leap.A; McAfee: OSX/Leap; Panda: OSX/Oomp.A.worm; Sophos: OSX/Leap-A; Symantec: OSX.Leap.A; and Trend Micro: OSX_LEAP.A.

Visit the CME List for a complete description of this and other CME identifiers. Notification of new CME identifiers is available from our RSS feed. Subscribe to the feed by clicking on the RSS or XML buttons located in the upper-right corner of the CME List page.


February 10, 2006

New CME Sample Redistribution Group Member

iDefense, Inc. has joined the CME Sample Redistribution Group.

Microsoft Corporation Includes CME-ID in Security Advisory

Microsoft Corporation issued a security advisory on January 30, 2006 that referenced CME-24. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

CA's Virus Information Center Includes CME-ID as Alias

A CME identifier is included as an alias in CA's free Virus Information Center. CME-24 was included as an alias and as part of the name for Win32/Blackmal.F!CME24. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

AusCERT Includes CME Identifier in Virus Alert

AusCERT issued a virus alert on February 2, 2006 that referenced CME-24. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

GRISOFT's Virus Encyclopedia Including CME-IDs as Aliases

CME identifiers are included as aliases in GRISOFT's free AVG Anti Virus: Virus Encyclopedia. CME-503 was included as an alias and as part of GRISOFT's name for Downloader.Generic.POS!CME-503. Numerous other entries in the encyclopedia also include CME-IDs. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

GRISOFT is a member of the CME Sample Redistribution Group.

Authentium, Inc. Virus Definition Includes CME-ID as Alias

A CME identifier is included as an alias in Authentium, Inc.'s free Virus Definition Files. CME-24 was included as an alias and as part of the name for W32/Kapser.A@mm. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

Authentium is a member of the CME Sample Redistribution Group.

HispaVista S.L. Virus Encyclopedia Including CME-IDs as Aliases

CME identifiers are included as aliases in HispaVista's free Enciclopedia de virus. CME-419 was included as an alias and as part of W32/Antimule.A.worm!CME-419. Numerous other entries in the encyclopedia also include CME-IDs. See the Products and Services Including CME Identifiers page for a complete list of the organizations that are including or have included CME identifiers in their anti-virus and information security products and services.

CME to Host Booth at RSA Conference 2006, February 13-17

MITRE is scheduled to host a CME/OVAL/CVE exhibitor booth at RSA Conference 2006 on February 13-17, 2006 at the McEnery Convention Center, in San Jose, California, USA. RSA Conference provides a forum for information security professionals and visionaries to "exchange and collaborate in a dynamic, authoritative setting." The event will introduce CME, OVAL, and CVE to security professionals from industry, government, and academia from around the world. Organizations listed on the Products and Services Including CME Identifiers page will also be exhibiting. Please stop by Booth 1743, or any of these booths, and say hello.

Visit the CME Calendar for information or contact cme@mitre.org to have CME present a briefing or participate in a panel discussion about CME, OVAL, CVE, and/or other vulnerability management topics at your event.

CME Main Topic of Opinion Column in Microsoft Certified Professional Magazine Online

CME was the main topic of a February 2006 "Security Watch" column on Microsoft Certified Professional Magazine Online entitled "Opinion: Overblown Malware Threats: The New Reality?" Throughout the article, the author uses CME-24 to reference the threat and public reaction to it, and when discussing the potential damage it could cause. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on ZDNet Asia Web Site

CME-24 was the main topic of a February 6, 2006 article on ZDNet Asia entitled "Kama Sutra worm hype may bite back." The article describes the threat using CME-24 as its name and discusses the amount of damage it caused. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on CIO Today

CME-24 was the main topic of a February 3, 2006 article on CIO Today entitled "Kama Sutra Worm Not as Damaging as Expected." The article describes the threat and mentions CME-24 as one of the aliases. Details about CME-24 and all CME identifiers are available on the CME List.

CME and CME-24 Main Topics of Article on MSNBC Web Site

CME-24 was the main topic of a February 3, 2006 article on MSNBC entitled "What's in a virus name? A lot of confusion." The article describes the threat using CME-24 as its name and calls it the "official name" for the threat. The article also describes what CME is and isn't, mentions that the CME Web site was launched in October, and notes that the effort is sponsored by the U.S. Department of Homeland Security. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on Yahoo News

CME-24 was the main topic of a February 3, 2006 article on Yahoo News entitled "Researchers Fear Confusion on Worm Name." The article describes the threat using CME-24 as its name and calls it the "official name" for the threat. The article also describes what CME is and isn't and notes that it is sponsored by the U.S. Department of Homeland Security. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on Turk.Internet.com

CME-24 was the main topic of a February 3, 2006 article on Turk.Internet.com entitled "ve.. Nyxem Vurdu.. Toplam 600.00 PC'yi." The article describes the threat and mentions CME-24 as one of the aliases. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article in Le Monde

CME-24 was the main topic of a February 1, 2006 article in Le Monde entitled "Le virus CME-24 menace des centaines de milliers d'ordinateurs." The article, written in French, describes the threat and the potential damage it could cause, and mentions several aliases. The author also uses CME-24 throughout the article to reference the threat. A fee may be required to read this article. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article in Boston Globe

CME was mentioned in a January 31, 2006 article in the Boston Globe entitled "Researchers warn of file-destroying worm." CME is mentioned in a quote by Mikko Hypponen, chief research officer for F-Secure Corporation, who states: "The worm, known as 'CME-24,' 'BlackWorm,' 'Mywife.E' or a number of other monikers, even tries to disable anti-virus software that is out of date." F-Secure is a member of the CME Editorial Board and the CME Sample Redistribution Group. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Mentioned in Article in SANS News Bites Newsletter

CME-24 was mentioned as the first topic in the January 31, 2006 edition of the SANS News Bites e-newsletter in a statement by SANS Institute director, and OVAL Board member, Alan Paller: "The CME-24 worm is really as bad as the news stories make it out to be. SANS Internet Storm Center has records of more than 300,000 victims. If their ISPs don't let them know about the problem they will lose most of their key files. This may be a good chance to see whether the courts will find ISPs and other network owners liable for not protecting their customers when they knew in advance that the customers' data was at risk." CME-24 was also the main topic of a brief article in the issue entitled "UK ISP Notifying Users Who May be Infected by CME 24." Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Main Topic of Article on BBC News Web Site

CME-24 was mentioned in a January 30, 2006 article on BBCNews.com entitled "Countdown for Windows virus." The article describes the threat and the potential damage it could cause and mentions CME-24 as one of the aliases. Details about CME-24 and all CME identifiers are available on the CME List.

CME-24 Mentioned in Article on ZDNet.com

CME-24 was mentioned in a January 26, 2006 article on ZDNET.com entitled "Kama Sutra prevention and cure." The article describes the threat and the potential damage it could cause and mentions CME-24 as one of the aliases. Details about CME-24 and all CME identifiers are available on the CME List.

CME Hosts Booth at IA Conference Workshop, January 30 - February 1

MITRE hosted a CME/CVE/OVAL exhibitor booth at the 10th annual U.S. Department of Defense (DOD) Information Assurance (IA) Conference Workshop on January 30 – February 1, 2006 at the Philadelphia Marriott Downtown, in Philadelphia, Pennsylvania, USA. The purpose of the workshop, which was hosted by the Defense Information Systems Agency (DISA), National Security Agency (NSA), Joint Staff, and the United States Strategic Command, was to provide a forum in which the IA community can provide updates and work issues on relevant IA topics that have been aligned with the goals of DOD IA strategy. The event introduced CME, OVAL, and CVE to representatives of the DOD and other Federal Government employees and their sponsored contractors.

Visit the CME Calendar for information or contact cme@mitre.org to have CME present a briefing or participate in a panel discussion about CME, OVAL, CVE, and/or other vulnerability management topics at your event.


February 6, 2006

New CME Identifier Released: CME-328

CME-328 was assigned on February 6, 2006. Aliases for this threat include Authentium: W32/Bagle.DW@mm; Avira: Worm/Bagle.FI; CA: Win32/Bagle.DR; ClamAV: Worm.Bagle.CP; ESET: Win32/Bagle.FA; Fortinet: W32/Bagle.DW-mm; F-Secure: W32/Bagle.DW@mm; GRISOFT: I-Worm/Bagle generic; H+BEDV: Worm/Bagle.FI; Kaspersky: Email-Worm.Win32.Bagle.fj; McAfee: W32/Bagle.dp@MM; Norman: W32/Mitglied.PR; Panda: W32/Bagle.GS.worm; Sophos: Troj/BagleDl-BZ; Symantec: W32.Beagle.DL@mm; and Trend Micro: WORM_BAGLE.CL.

Visit the CME List for a complete description of this and other CME identifiers. Notification of new CME identifiers is available from our RSS feed. Subscribe to the feed by clicking on the RSS or XML buttons located in the upper-right corner of the CME List page.


January 25, 2006

New CME Sample Redistribution Group Member

Aladdin Knowledge Systems has joined the CME Sample Redistribution Group.

CME Announces Initial 'Calendar of Events' for 2006

The CME Initiative has announced its initial calendar of events for the first half of 2006. Details regarding MITRE's scheduled participation at these events are noted on the CME Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

Other events will be added throughout the year. Visit the CME Calendar for information or contact cme@mitre.org to have CME present a briefing or participate in a panel discussion about CME, CVE, OVAL, and/or other vulnerability management topics at your event.

CME to Host Booth at IA Conference Workshop, January 30 - February 1

MITRE is scheduled to host a CME/CVE/OVAL exhibitor booth at the 10th annual U.S. Department of Defense (DOD) Information Assurance (IA) Conference Workshop on January 30 - February 1, 2006 at the Philadelphia Marriott Downtown, in Philadelphia, Pennsylvania, USA. The purpose of the workshop, which is hosted by the Defense Information Systems Agency (DISA), National Security Agency (NSA), Joint Staff, and the United States Strategic Command, is to provide a forum in which the IA community can provide updates and work issues on relevant IA topics that have been aligned with the goals of DOD IA strategy. The event will introduce CME, OVAL, and CVE to representatives of the DOD and other Federal Government employees and their sponsored contractors. Please stop by Booth 207 and say hello.

Visit the CME Calendar for information or contact cme@mitre.org to have CME present a briefing or participate in a panel discussion about CME, OVAL, CVE, and/or other vulnerability management topics at your event.

CME Hosts Booth at Homeland Security for Networked Industries 2006 Conference & Expo

MITRE hosted a CME/CVE/OVAL exhibitor booth at Homeland Security for Networked Industries (HSNI) 2006 Conference & Expo on January 9-11, 2006 at Walt Disney World Resort, in Orlando, Florida, USA. Visit the CME Calendar page for information on this and other upcoming events.


January 24, 2006

New CME Identifier Released: CME-24

CME-24 was assigned on January 24, 2006. Aliases for this threat include W32/Kapser.A@mm; Worm/KillAV.GR; Win32/Blackmal.F; Win32/VB.NEI; W32/Grew.A!wm; Nyxem.E; Worm/Generic.FX; Worm/KillAV.GR; Email-Worm.Win32.Nyxem.e; W32/MyWife.d@MM; W32/Small.KI; W32/Tearec.A.worm; W32/Nyxem-D; W32.Blackmal.E@mm; and WORM_GREW.A. Visit the CME List for a complete description of this and other CME identifiers.

Notification of new CME identifiers is available from our RSS feed. Subscribe to the feed by clicking on the RSS or XML buttons located in the upper-right corner of the CME List page.


January 23, 2006

New CME Identifier Released: CME-503

CME-503 was assigned on January 20, 2006. Aliases for this threat include W32/Downloader.MQT; TR/Dldr.Delf.qx; W32/Clagger Family; W32/Ewojim!tr; Downloader.Generic.POS; TR/Dldr.Delf.qx; Trojan-Downloader.Win32.Agent.ado; Downloader-ATM; W32/DLoader.QSE; Trj/Downloader.HGN!CME-503; Troj/Clagger-D; PWSteal.Tarno.R; and TROJ_AGENT.APS. Visit the CME List for a complete description of this and other CME identifiers.

Notification of new CME identifiers is available from our RSS feed. Subscribe to the feed by clicking on the RSS or XML buttons located in the upper-right corner of the CME List page.


January 9, 2006

New CME Editorial Board Member and CME Sample Redistribution Group Member

Arbor Networks has joined the CME Editorial Board and CME Sample Redistribution Group.

New CME Sample Redistribution Group Member

Authentium, Inc. has joined the CME Sample Redistribution Group.

New CME Sample Redistribution Group Member

Fortinet Technologies, Inc. has joined the CME Sample Redistribution Group.

New CME Sample Redistribution Group Member

Grisoft has joined the CME Sample Redistribution Group.

New CME Sample Redistribution Group Member

AVIRA / H+BEDV has joined the CME Sample Redistribution Group.
