Proposal: Modify MalwareLabelEnum Enumeration
Status: CLOSED
Comment Period Closes: July 28th, 2015
Affects Backwards Compatibility: No
Relevant Issues:
https://github.com/MAECProject/schemas/issues/62
https://github.com/MAECProject/schemas/issues/64
There are a few issues relating to some of the malware label values captured in the MalwareLabelEnum-1.0 enumeration: some do not have accurate descriptions, there are some potentially useful values missing, and one value is too broad.
We propose to update MalwareLabelEnum-1.0 to MalwareLabelEnum-1.1 in the MAEC Default Vocabularies schema by making the following changes:
- The malcode value will be removed because it is too broad to be useful.
- Descriptions for the fork bomb and wabbit values will be changed as follows.
Value | Description |
---|---|
fork bomb | The 'fork bomb' value specifies a program that replicates many times on one system, usually until the system runs out of memory or disk space, causing a denial of service. The replicated programs also replicate so that the number grows exponentially. A fork bomb is a type of wabbit. |
wabbit | The 'wabbit' value specifies a form of self-replicating malware. Unlike worms, wabbits do not attempt to spread across networks. Also known as a 'rabbit'. |
The following new values will be added.
Value | Description |
---|---|
joke program | The 'joke program' value specifies a program that interferes with the normal behavior of a machine, creating a nuisance. |
scareware | The 'scareware' value specifies a program that reports false or significantly misleading information on the presence of security risks, threats, or system issues on the target computer. |
parental control | The 'parental control' value specifies a program that monitors or limits machine usage. They can run undetected and can transmit monitoring information to another machine. |
security assessment tool | The 'security assessment tool' value specifies a program that can be used to gather information for unauthorized access to computer systems. |
trackware | The 'trackware' value specifies a program that traces a user's path on the Internet and sends information to third parties. Compare to spyware, which monitors system activity to capture confidential information such as passwords. |
As an optional, updated version of the MalwareLabelEnum, this change will be backward compatible.
- Are the proposed description changes accurate and necessary?
- Are the proposed additional values appropriate?