Archived Malware Reports
It feels good when your old malware reports still exist. I’m saying this because there was once a ruling (Trend Micro AV guidelines) that the last one who analyzed and modified the report gets the credit. So, the original analyst’s name is removed. I think they already modified this rule …
I remember this, the detection name was named after my sister – Minehaha.
I can’t find my name anymore… TROJ_THEMS — Meths. Actually, the rule is if it’s new and nobody detects it, then the analyst can name it (of course, following the naming conventions and guidelines).
Speaking of malware naming conventions, this topic is currently a whole lot of confusion in the industry… few AVs follow the CARO naming scheme while others have their own.
Another thing is the ethical issue: usually everyone gives credit by following the existing detection name if someone already created the detection for that malware (given the name is right, meaning it is readable and doesn’t have any conflicts with a person, company, etc.), but some AVs don’t follow this; instead they create their own name (perhaps for marketing and PR/media purposes).
Refer to this recent list/update from AVTest.org:
2008-05-12 Cross Reference List of Virus Names
Each vendor of anti-virus software has a different naming convention and the same virus could have a completely different name in another company’s product. To provide a candle in the dark and diminish the current confusion we created a cross-reference list of all virus names (421 KB), based on the WildList 03/2008