Malware, with the exception of boot sector viruses and some file infectors, uses the following format:
PREFIX_THREATNAME.SUFFIX
The suffix used in the naming convention indicates the variant of the
threat. The suffix assigned to a new threat (meaning the binary code for
the threat is not similar to any existing threats) is the alpha character
|
Prefix |
Description |
|---|---|
|
ADW |
Adware |
|
ALS |
Auto-LISP script malware |
|
ATVX |
ActiveX malicious code |
|
BAT |
Batch file virus |
|
BHO |
Browser Helper Object - A non-destructive toolbar application |
|
BKDR |
Backdoor virus |
|
CHM |
Compiled HTML file found on malicious Web sites |
|
COOKIE |
Cookie used to track a user's Web habits for the purpose of data mining |
|
DIAL |
Dialer program |
|
DOS, DDOS |
Virus that prevents a user from accessing security and antivirus company Web sites |
|
ELF |
Executable and Link format viruses |
|
EXPL |
Exploit that does not fit other categories |
|
GENERIC |
Memory-resident boot virus |
|
HKTL |
Hacking tool |
|
HTML |
HTML virus |
|
IRC |
Internet Relay Chat malware |
|
JAVA |
Java malicious code |
|
JOKE |
Joke program |
|
JS |
JavaScript virus |
|
NE |
File infector |
|
PALM |
Palm PDA-based malware |
|
PE |
File infector |
|
PERL |
Malware, such as a file infector, created in PERL |
|
RAP |
Remote access program |
|
REG |
Threat that modifies the system registry |
|
RTKT |
Rootkit programs |
|
SPYW |
Spyware/Grayware |
|
SYMBOS |
Trojan that affects telephones using the Symbian operating system |
|
TSPY |
Malicious malware |
|
TROJ |
Trojan |
|
UNIX |
Linux/UNIX script malware |
|
VBS |
VBScript virus |
|
WORM |
Worm |
|
W2KM, W97M, X97M, P97M, A97M, O97M, WM, XF, XM, V5M, X2KM, X97M |
Macro virus |