Malware, with the exception of boot sector viruses and some file infectors, is named according to the following format:
PREFIX_THREATNAME.SUFFIX
The suffix used in the naming convention indicates the variant of the
threat. The suffix assigned to a new threat (meaning the binary code for
the threat is not similar to any existing threats) is the alpha character
Suffix |
Description |
---|---|
No Suffix |
Boot sector viruses or file infector |
1OH |
File infector |
ADW |
Adware |
ALS |
Auto-LISP script malware |
ATVX |
ActiveX malicious code |
BAT |
Batch file virus |
BHO |
Browser Helper Object - A non-destructive toolbar application |
BKDR |
Backdoor virus |
CHM |
Compiled HTML file found on malicious Web sites |
COOKIE |
Cookie used to track a user's Web habits for the purpose of data mining |
COPY |
Worm that copies itself |
DI |
File infector |
DIAL |
Dialer program |
DOS, DDOS |
Virus that prevents a user from accessing security and antivirus company Web sites |
ELF |
Executable and Link format viruses |
EXPL |
Exploit that does not fit other categories |
FLOODER |
Tool that allows remote malicious hackers to flood data on a specified IP, causing the target system to hang |
FONO |
File infector |
GCAE |
File infector |
GENERIC |
Memory-resident boot virus |
HKTL |
Hacking tool |
HTML |
HTML virus |
IRC |
Internet Relay Chat malware |
JAVA |
Java malicious code |
JOKEz |
Joke program |
JS |
JavaScript virus |
NE |
File infector |
NET |
Network virus |
PALM |
Palm PDA-based malware |
PARITY |
Boot virus |
PE |
File infector |
PERL |
Malware, such as a file infector, created in PERL |
RAP |
Remote access program |
REG |
Threat that modifies the system registry |
SPYW |
Spyware |
SYMBOS |
Trojan that affects telephones using the Symbian operating system |
TROJ |
Trojan |
UNIX |
Linux/UNIX script malware |
VBS |
VBScript virus |
WORM |
Worm |
W2KM, W97M, X97M, P97M, A97M, O97M, WM, XF, XM, V5M |
Macro virus |