Follow:

Naming malware

We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) Malware naming scheme.

This scheme uses the following format:

MMPC naming format as it applies to a Reveton detection

When our analysts research a particular threat, they will determine what each of the components of the name will be.

Type

The type describes what the threat does on your computer. Worms, trojans, viruses, and adware are some of the most common types of threats we detect.

Platform

The platform refers to the operating system (such as Windows, Mac OS X, and Android) that the threat is designed to work on. Platforms can also include programming languages and file formats.

Family

A group of threats with the same name is known as a family. Sometimes different security software companies use different names.

Variant letters

Variant letters are used sequentially for each different version or member of a family. For example, the detection for the variant “.AF” would have been created after the detection for the variant “.AE”.

Additional information

Additional information is sometimes used to describe a specific file or component that is used by another threat in relation to this threat. In the example above, the !lnk indicates that the threat is a shortcut file used by the Trojan:Win32/Reveton.T variant, as shortcut files usually use the extension .lnk.

Platform

Expand all
  • AndroidOS: Android operating system

    DOS: MS-DOS platform

    EPOC: Psion devices

    FreeBSD: FreeBSD platform

    iPhoneOS: iPhone operating system

    Linux: Linux platform

    MacOS: MAC 9.x platform or earlier

    MacOS_X: MacOS X or later

    OS2: OS2 platform

    Palm: Palm operating system

    Solaris: System V-based Unix platforms

    SunOS: Unix platforms 4.1.3 or lower

    SymbOS: Symbian operating system

    Unix: general Unix platforms

    Win16: Win16 (3.1) platform

    Win2K: Windows 2000 platform

    Win32: Windows 32-bit platform

    Win64: Windows 64-bit platform

    Win95: Windows 95, 98 and ME platforms

    Win98: Windows 98 platform only

    WinCE: Windows CE platform

    WinNT: WinNT

  • ABAP: Advanced Business Application Programming scripts

    ALisp: ALisp scripts

    AmiPro: AmiPro script

    ANSI: American National Standards Institute scripts

    AppleScript: compiled Apple scripts

    ASP: Active Server Pages scripts

    AutoIt: AutoIT scripts

    BAS: Basic scripts

    BAT: Basic scripts

    CorelScript: Corelscript scripts

    HTA: HTML Application scripts

    HTML: HTML Application scripts

    INF: Install scripts

    IRC: mIRC/pIRC scripts

    Java: Java binaries (classes)

    JS: Javascript scripts

    LOGO: LOGO scripts

    MPB: MapBasic scripts

    MSH: Monad shell scripts

    MSIL: .Net intermediate language scripts

    Perl: Perl scripts

    PHP: Hypertext Preprocessor scripts

    Python: Python scripts

    SAP: SAP platform scripts

    SH: Shell scripts

    VBA: Visual Basic for Applications scripts

    VBS: Visual Basic scripts

    WinBAT: Winbatch scripts

    WinHlp: Windows Help scripts

    WinREG: Windows registry scripts

  • A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros

    HE: macro scripting

    O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint

    PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros

    V5M: Visio5 macros

    W1M: Word1Macro

    W2M: Word2Macro

    W97M: Word 97, 2000, XP, 2003, 2007, and 2010 macros

    WM: Word 95 macros

    X97M: Excel 97, 2000, XP, 2003, 2007, and 2010 macros

    XF: Excel formulas

    XM: Excel 95 macros

  • ASX: XML metafile of Windows Media .asf files

    HC: HyperCard Apple scripts

    MIME: MIME packets

    Netware: Novell Netware files

    QT: Quicktime files

    SB: StarBasic (Staroffice XML) files

    SWF: Shockwave Flash files

    TSQL: MS SQL server files

    XML: XML files

Additional suffixes

Expand all
  • .dam: damaged malware

    .dll: Dynamic Link Library component of a malware

    .dr: dropper component of a malware

    .gen: malware that is detected using a generic signature

    .kit: virus constructor

    .ldr: loader component of a malware

    .pak: compressed malware

    .plugin: plug-in component

    .remnants: remnants of a virus

    .worm: worm component of that malware

    !rootkit: rootkit component of that malware

    @m: worm mailers

    @mm: mass mailer worm