Malware Naming

Malware, with the exception of boot sector viruses and some file infectors, is named according to the following format:

The suffix used in the naming convention indicates the variant of the threat. The suffix assigned to a new threat (meaning the binary code for the threat is not similar to any existing security risks) is the alpha character "A.” Subsequent strains are given subsequent suffixes, for example, "B”, "C", "D”. Occasionally a threat is assigned a special suffix, (.GEN, for generic detection or .DAM if the variant is damaged or malformed).

Prefix	Description
No prefix	Boot sector viruses or file infector
1OH	File infector
ADW	Adware
ALS	Auto-LISP script malware
ATVX	ActiveX malicious code
BAT	Batch file virus
BHO	Browser Helper Object - A non-destructive toolbar application
BKDR	Backdoor virus
CHM	Compiled HTML file found on malicious Web sites
COOKIE	Cookie used to track a user's Web habits for the purpose of data mining
COPY	Worm that copies itself
DI	File infector
DIAL	Dialer program
DOS, DDOS	Virus that prevents a user from accessing security and antivirus company Web sites
ELF	Executable and Link format viruses
EXPL	Exploit that does not fit other categories
FLOODER	Tool that allows remote malicious hackers to flood data on a specified IP, causing the target system to hang
FONO	File infector
GCAE	File infector
GENERIC	Memory-resident boot virus
HKTL	Hacking tool
HTML	HTML virus
IRC	Internet Relay Chat malware
JAVA	Java malicious code
JOKE	Joke program
JS	JavaScript virus
NE	File infector
NET	Network virus
PALM	Palm PDA-based malware
PARITY	Boot virus
PE	File infector
PERL	Malware, such as a file infector, created in PERL
RAP	Remote access program
REG	Threat that modifies the system registry
SPYW	Spyware
SYMBOS	Trojan that affects telephones using the Symbian operating system
TROJ	Trojan
UNIX	Linux/UNIX script malware
VBS	VBScript virus
WORM	Worm
W2KM, W97M, X97M, P97M, A97M, O97M, WM, XF, XM, V5M	Macro virus