Trend Micro InterScan Gateway Security Appliance M-Series ...

Trend Micro InterScan Gateway Security Appliance M-Series Administrator’s Guide
Malware Naming Formats
Malware, with the exception of boot sector viruses and some file infectors, is named
according to the following format:
F-6
PREFIX_THREATNAME.SUFFIX
The suffix used in the naming convention indicates the variant of the threat. The
suffix assigned to a new threat (meaning the binary code for the threat is not similar
to any existing threats) is the alpha character “A.” Subsequent strains are given
subsequent suffixes, for example, “B”, “C,” “D.” Occasionally a threat is assigned a
special suffix, (.GEN, for generic detection or .DAM if the variant is damaged or
malformed).
TABLE F-3. Malware naming
Prefix Description
No prefix Boot sector viruses or file infector
1OH File infector
ADW Adware
ALS Auto-LISP script malware
ATVX ActiveX malicious code
BAT Batch file virus
BHO Browser Helper Object - A non-destructive toolbar application
BKDR Backdoor virus
CHM Compiled HTML file found on malicious Web sites
COOKIE Cookie used to track a user's Web habits for the purpose of data mining
COPY Worm that copies itself
DI File infector
DIAL Dialer program
DOS, DDOS Virus that prevents a user from accessing security and antivirus company
Web sites
ELF Executable and Link format viruses
EXPL Exploit that does not fit other categories