When searching for a virus name, you should be aware of the naming conventions used by Symantec/Norton AntiVirus. Virus names consist of a Prefix, a Name, and often a Suffix.
- The Prefix denotes the platform on which the virus replicates or the type of virus. A DOS virus usually does not contain a Prefix.
- The Name is the family name of the virus.
- The Suffix may not always exist. Suffixes distinguish among variants of the same family and are usually letters or numbers denoting the size of the virus.
PREFIXES | |
A2KM | Access macro viruses that are native to Access 2000. |
A97M | Access macro viruses that are native to Access 97. |
AM | Access macro viruses that are native to Access 95. |
AOL | Trojan horses that are specific to America Online environments and usually steal AOL password information. |
BAT | Batch file threats. |
Backdoor | Threats that may allow unauthorized users to access your computer across the Internet. |
Bloodhound | Bloodhound is the name of the Norton AntiVirus heuristic scanning technology for detecting new and unknown viruses. |
DDos | Distributed Denial of Service threats. Distributed Denial of Service involves using zombie computers in an attempt to flood an Internet site with traffic. |
DoS | Denial of Service threats. Not to be confused with DOS viruses, which are named without prefixes. |
HLLC | High Level Language Companion viruses. These are usually DOS viruses that create an additional file (the companion) to spread. |
HLLO | High Level Language Overwriting viruses. These are usually DOS viruses that overwrite host files with viral code. |
HLLP | High Level Language Parasitic viruses. These are usually DOS viruses that attach themselves to host files. |
HLLW | A worm that is compiled using a High Level Language. (NOTE: This modifier is not always a prefix; it is a prefix only in the case of a DOS High Level Language Worm. If the worm is a Win32 file, the proper name would be W32.HLLW.) |
HTML | Threats that target HTML files. |
IRC | Threats that target IRC applications. |
JS | Threats that are written using the JavaScript programming language. |
Java | Viruses that are written using the Java programming language. |
Linux | Threats that target the Linux operating system. |
O2KM | Office 2000 macro viruses. May infect across different types of Office 2000 documents. |
O97M | Office 97 macro viruses. May infect across different types of Office 97 documents. |
OM | Office macro viruses. May infect across different types of Office documents. |
PWSTEAL | Trojan horses that steal passwords. |
Palm | Threats that are designed to run specifically on the Palm OS. |
Trojan/Troj | These files are not viruses, but Trojan horses. Trojan horses are files that masquerade as helpful programs, but are actually malicious code. Trojan horses do not replicate. |
UNIX | Threats that run under any UNIX-based operating system. |
VBS | Viruses that are written using the Visual Basic Script programming language. |
W2KM | Word 2000 macro viruses. These are native to Word 2000 and replicate under Word 2000 only. |
W32 | 32-bit Windows viruses that can infect under all 32-bit Windows platforms. |
W95 | Windows 95 viruses that infect files under the Windows 95 operating system. Windows 95 viruses often work in Windows 98 also. |
W97M | Word 97 macro viruses. These are native to Word 97 and replicate under Word 97 only. |
W98 | Windows 98 threats that infect files under the Windows 98 operating system. Will only work in Windows 98. |
WM | Word macro viruses that replicate under Word 6.0 and Word 95 (Word 7.0). They may also replicate under Word 97 (Word 8.0), but are not native to Word 97. |
WNT | 32-bit Windows viruses that can infect under the Windows NT operating system. |
Win | Windows 3.x viruses that infect files under the Windows 3.x operating system. |
X2KM | Excel macro viruses that are native to Excel 2000. |
X97M | Excel macro viruses that are native to Excel 97. These viruses may replicate under Excel 5.0 and Excel 95 as well. |
XF | Excel formula viruses. These viruses use old Excel 4.0 embedded sheets within newer Excel documents. |
XM | Excel macro viruses that are native to Excel 5.0 and Excel 95. These viruses may replicate in Excel 97 as well. |
SUFFIXES | |
@m | Signifies the virus or worm is a mailer. An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail. |
@mm | Signifies the virus or worm is a mass-mailer. An example is Melissa, which sends messages to every email address in your mailbox. |
dam | Indicates a detection for files that have been corrupted by a threat, or that may contain inactive remnants of a threat, causing the files to no longer be able to execute properly or produce reliable results. |
dr | Indicates that the detected file is a dropper for another threat. |
Family | Indicates a generic detection for threats that belong to a particular threat family based on viral characteristics. |
Gen | Indicates a generic detection for threats that belong to a particular threat type based on viral characteristics. |
Int | Indicates an intended threat: a threat that is intended to spread but does not, due to bugs or errors in the viral code. |
Worm | Indicates a worm, not a virus. Worms make copies of themselves that they send across a network, by email, or through another transport mechanism. |
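The Prefix, Name and Suffix structure above can be applied mechanically when normalizing antivirus alerts for triage. The following parser is an added example, not Symantec code: it assumes the dot-separated form seen in W32.Ska and W32.HLLW on this page and that @m/@mm is attached to the end of a component; `parse_detection`, `Detection` and the sample names are hypothetical.

```python
import re
from dataclasses import dataclass

# Prefix and suffix identifiers copied from the two tables on this page.
PREFIXES = set("""A2KM A97M AM AOL BAT Backdoor Bloodhound DDos DoS HLLC HLLO
HLLP HLLW HTML IRC JS Java Linux O2KM O97M OM PWSTEAL Palm Trojan Troj UNIX
VBS W2KM W32 W95 W97M W98 WM WNT Win X2KM X97M XF XM""".split())
MARKERS = {"dam", "dr", "Family", "Gen", "Int", "Worm"}
MAILER = re.compile(r"@mm?$")

@dataclass
class Detection:
    prefixes: list   # platform/type, e.g. ["W32", "HLLW"]; empty for DOS viruses
    name: str        # family name
    variants: list   # variant letters or sizes, e.g. ["B"] or ["1024"]
    markers: list    # suffixes from the table: @m, @mm, dam, dr, Gen, ...

def parse_detection(raw: str) -> Detection:
    """Split a dot-separated detection name into prefix, name and suffixes."""
    tokens, markers = [], []
    for tok in raw.strip().split("."):
        m = MAILER.search(tok)
        if m:                      # assumption: @m/@mm ends a component
            markers.append(m.group(0))
            tok = tok[:m.start()]
        if tok:
            tokens.append(tok)
    if not tokens:
        raise ValueError("empty detection name")
    prefixes = []
    # Case-sensitive on purpose: the DoS prefix is not a DOS virus.
    # Always leave one token for the family name (W32.HLLW gives two prefixes).
    while len(tokens) > 1 and tokens[0] in PREFIXES:
        prefixes.append(tokens.pop(0))
    name, rest = tokens[0], tokens[1:]
    variants = [t for t in rest if t not in MARKERS]
    markers = [t for t in rest if t in MARKERS] + markers
    return Detection(prefixes, name, variants, markers)

# Constructed sample names; only W32.Ska appears on this page.
SAMPLES = ["W32.Ska", "W32.HLLW.Example.B@mm", "Example.1024", "Trojan.Example.dr"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:24} -> {parse_detection(s)}")
```

A name with no recognized prefix, such as the constructed `Example.1024`, comes back with an empty prefix list, matching the note that DOS viruses usually carry no Prefix.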