We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization
(CARO) malware naming scheme. The scheme uses the following format:
When our analysts research a particular threat, they will determine what each of the components of the name will be.
Type — describes what the malware does on your computer. Worms, viruses, trojans, backdoors,
and ransomware are some of the most common types of malware.
Platform — indicates the operating system (such as Windows, Mac OS X, and Android)
that the malware is designed to work on. The platform is also used to indicate programming languages and file
Family — grouping of malware based on common characteristics, including attribution
to the same authors. Security software providers sometimes use different names for the same malware family.
Variant letter — used sequentially for every distinct version of a malware family.
For example, the detection for the variant ".AF" would have been created after the detection for the variant
Additional information — provides extra detail about the malware, including how it
is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component
is a shortcut file used by Trojan:Win32/Reveton.T.