Malware Naming

Malware, with the exception of boot sector viruses and some file infectors, is named according to the following format:

PREFIX_THREATNAME.SUFFIX

The suffix used in the naming convention indicates the variant of the threat. The suffix assigned to a new threat (meaning the binary code for the threat is not similar to any existing threats) is the alpha character "A." Subsequent strains are given subsequent suffixes, for example, "B", "C", "D". Occasionally a threat is assigned a special suffix (.GEN for generic detection, or .DAM if the variant is damaged or malformed).
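A parser for the PREFIX_THREATNAME.SUFFIX format, useful for grouping detection-log entries by threat so that variants sort together. This is an added example, not vendor code; the sample names are constructed, and treating multi-letter suffixes such as "AB" as a continuation of the A, B, C sequence is an assumption of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Special suffixes named on the page; other alphabetic suffixes are variant letters.
SPECIAL = {"GEN": "generic", "DAM": "damaged"}

class Detection(NamedTuple):
    prefix: Optional[str]   # None when the name carries no prefix
    threat: str
    suffix: Optional[str]
    kind: str               # "variant", "generic", "damaged", "none" or "unknown"
    ordinal: Optional[int]  # A=1, B=2, ...; AA=27 is an assumption of this example

def parse_detection(name: str) -> Detection:
    """Split PREFIX_THREATNAME.SUFFIX into its parts and classify the suffix."""
    text = name.strip().upper()
    body, dot, suffix = text.rpartition(".")
    if not dot:                       # no suffix present at all
        body, suffix = text, None
    prefix, sep, threat = body.partition("_")
    if not sep:                       # name outside the prefixed format
        prefix, threat = None, body
    if not threat or prefix == "" or suffix == "":
        raise ValueError(f"malformed detection name: {name!r}")
    kind, ordinal = "none", None
    if suffix in SPECIAL:             # checked first: GEN and DAM are also alphabetic
        kind = SPECIAL[suffix]
    elif suffix and re.fullmatch(r"[A-Z]+", suffix):
        kind, ordinal = "variant", 0
        for ch in suffix:             # bijective base 26: A=1 ... Z=26, AA=27
            ordinal = ordinal * 26 + ord(ch) - ord("A") + 1
    elif suffix:
        kind = "unknown"
    return Detection(prefix, threat, suffix, kind, ordinal)

def group_by_family(names):
    """Group detections by (prefix, threat); variants first in order, then specials."""
    families = defaultdict(list)
    for d in map(parse_detection, names):
        families[(d.prefix, d.threat)].append(d)
    for members in families.values():
        members.sort(key=lambda d: (d.ordinal is None, d.ordinal or 0))
    return dict(families)

# Constructed sample names, not real detections.
SAMPLE = ["TROJ_EXAMPLE.C", "troj_example.a", "TROJ_EXAMPLE.GEN",
          "WORM_SAMPLE.DAM", "BOOTDEMO.B", "BKDR_DEMO_ONE.AB"]
```
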

Suffix       Description

No Suffix    Boot sector viruses or file infector
1OH          File infector
ADW          Adware
ALS          Auto-LISP script malware
ATVX         ActiveX malicious code
BAT          Batch file virus
BHO          Browser Helper Object - A non-destructive toolbar application
BKDR         Backdoor virus
CHM          Compiled HTML file found on malicious Web sites
COOKIE       Cookie used to track a user's Web habits for the purpose of data mining
COPY         Worm that copies itself
DI           File infector
DIAL         Dialer program
DOS, DDOS    Virus that prevents a user from accessing security and antivirus company Web sites
ELF          Executable and Link format viruses
EXPL         Exploit that does not fit other categories
FLOODER      Tool that allows remote malicious hackers to flood data on a specified IP, causing the target system to hang
FONO         File infector
GCAE         File infector
GENERIC      Memory-resident boot virus
HKTL         Hacking tool
HTML         HTML virus
IRC          Internet Relay Chat malware
JAVA         Java malicious code
JOKE         Joke program
JS           JavaScript virus
NE           File infector
NET          Network virus
PALM         Palm PDA-based malware
PARITY       Boot virus
PE           File infector
PERL         Malware, such as a file infector, created in PERL
RAP          Remote access program
REG          Threat that modifies the system registry
SPYW         Spyware
SYMBOS       Trojan that affects telephones using the Symbian operating system
TROJ         Trojan
UNIX         Linux/UNIX script malware
VBS          VBScript virus
WORM         Worm
W2KM, W97M, X97M, P97M, A97M, O97M, WM, XF, XM, V5M    Macro virus