Nov 20th, 2008, 11:17am
   Mischel Internet Security Forum
mozar
Naming Malware
« on: Nov 4th, 2004, 6:08am »

Hello,

Kaspersky Labs is using the classification below:

"... NAMING OF MALICIOUS PROGRAMS:
 
 
The verdicts VirWare, TrojWare, MalWare, RiskWare, AdWare, PornWare encompass programs which are classed as being malicious. Malicious programs have the following characteristics:  
 
Verdict:  
 
is as follows:
 
Behaviour[ - Sub behaviour].OS.Name[.Modification:]
 
Verdict: this is the umbrella description for a virus sample: VirWare, TrojWare, MalWare, RiskWare, AdWare, PornWare, SPAM, or Attack
 
Behaviour: this defines the malicious program's payload. Backdoor, Virus etc. are all examples of Behaviour. A less threatening behaviour will be subsumed by the most threatening behaviour. For example, if a program has a backdoor function, but also infects files, the behaviour will be classified as Virus. If in addition to these behaviours, the malicious program spreads via network connections, the behaviour will be classified as Worm.  
 
Sub-behaviour: this category will not necessarily be present. If the malicious program does exhibit a sub-behaviour, this further defines the main behaviour. For instance, a malicious program classified as Trojan-Spy exhibits the sub-behaviour Spy and so on. The sub-behaviour is separated from the behaviour by a dash.
 
In the case of worms, the sub-behaviour appears as a prefix to the main behaviour: P2P-Worm, Net-Worm etc.
 
OS defines the operating system in which the malicious program functions: Win32, BAT, IRC etc.
 
Name provides the name of the malicious program
 
Modification differentiates between the versions of a malicious program grouped under one name.  
 
An example of a name under the new classification system would be Trojan-Dropper.Win32.Agent.a.
The categories Behaviour, OS and Name must all be present. ..."

All I know is that I would like to see *all* developers using the same malware's names and classification, not necessarily that one from KL.

Regards,

mozar
 
 
 
  
« Last Edit: Nov 4th, 2004, 6:09am by mozar »
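The naming format quoted in the post above, as an added Python example that is not part of the original post and is not Kaspersky's own code: it splits a detection name into its fields, handles the worm prefix rule, and applies the "most threatening behaviour wins" rule. The names `DetectionName`, `parse_name`, `dominant_behaviour` and `SEVERITY` are hypothetical, the ranking covers only the three behaviours the quoted text ranks, no field is assumed to contain a dot, and every sample name other than `Trojan-Dropper.Win32.Agent.a` is constructed.

```python
from typing import Iterable, NamedTuple, Optional


class DetectionName(NamedTuple):
    behaviour: str
    sub_behaviour: Optional[str]
    os: str
    name: str
    modification: Optional[str]


# Ranking taken only from the quoted example: Backdoor < Virus < Worm.
# Other behaviours are not ranked in the quoted text, so they are rejected here.
SEVERITY = ("Backdoor", "Virus", "Worm")


def parse_name(text: str) -> DetectionName:
    """Split Behaviour[-Sub behaviour].OS.Name[.Modification] into fields."""
    parts = text.strip().split(".")
    # Behaviour, OS and Name are mandatory; Modification is optional.
    if len(parts) not in (3, 4) or not all(parts):
        raise ValueError(f"not a Behaviour.OS.Name[.Modification] name: {text!r}")
    field, os_name, name = parts[:3]
    modification = parts[3] if len(parts) == 4 else None
    behaviour, sub = field, None
    if "-" in field:
        left, right = field.split("-", 1)
        if not left or not right:
            raise ValueError(f"empty behaviour or sub-behaviour in {text!r}")
        # Worms carry the sub-behaviour as a prefix (P2P-Worm, Net-Worm);
        # every other family carries it as a suffix (Trojan-Spy).
        behaviour, sub = (right, left) if right == "Worm" else (left, right)
    return DetectionName(behaviour, sub, os_name, name, modification)


def dominant_behaviour(observed: Iterable[str]) -> str:
    """Return the most threatening observed behaviour, which names the sample."""
    observed = list(observed)
    unknown = [b for b in observed if b not in SEVERITY]
    if unknown or not observed:
        raise ValueError(f"cannot rank behaviours: {unknown or 'none given'}")
    return max(observed, key=SEVERITY.index)


if __name__ == "__main__":
    # The first name is the page's example; the others are constructed samples.
    for sample in ("Trojan-Dropper.Win32.Agent.a", "P2P-Worm.Win32.Sample.b",
                   "Virus.BAT.Sample"):
        print(sample, "->", parse_name(sample))
    print(dominant_behaviour(["Backdoor", "Virus", "Worm"]))
```

Parsing names into fields like this is what lets detections from different logs be grouped by behaviour or platform instead of compared as opaque strings.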