Naming malware

We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format:

Naming format as it applies to a Caphaw detection

When our analysts research a particular threat, they will determine what each of the components of the name will be.

  • Type — describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware.
  • Platform — indicates the operating system (such as Windows, Mac OS X, and Android) that the malware is designed to work on. The platform is also used to indicate programming languages and file formats.
  • Family — grouping of malware based on common characteristics, including attribution to the same authors. Security software providers sometimes use different names for the same malware family.
  • Variant letter — used sequentially for every distinct version of a malware family. For example, the detection for the variant ".AF" would have been created after the detection for the variant ".AE".
  • Additional information — provides extra detail about the malware, including how it is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T.


Additional information

Latest news