CME – the good and the not-so-good

CME – the idea is a good one – a common identifier that will allow everyone – customers, admins, journalists – to understand that, for instance, Bozori and Zotob are the same worm, despite the completely different names. Kaspersky Lab is an active participant in this initiative.

So much for the good. As everyone probably knows by now, today is the day Nyxem.e is damaging data on infected machines.

Yesterday, I had a lot of journalists asking a lot of questions about Nyxem.e and what to expect here in Moscow. And among all the info I gave, I made a point of telling everyone the CME number (CME-24) for Nyxem.e and asked everyone to use it.

I got to the office today and started reading the press. Nobody, but nobody, even mentioned the CME number. Instead, I ran into other names for Nyxem: Kama Sutra, for instance. The journalists weren’t interested in the CME number; instead they jumped on a dramatic name to replace Nyxem.e. They were obviously most interested in ‘screaming’ names that will catch readers’ eyes.

In short, I think we have a long, long way to go in teaching journalists – let alone anyone else – about CME.

Read more:

CME website
