Home > Daily Thoughts, malware report > Archived Malware Reports

Archived Malware Reports

It feels good when your old malware reports still exist. I’m saying this because there was once a ruling (Trend Micro AV guidelines) that the last one who analyzed and modified the report gets the credit. So, the original analyst name is removed. I think they already modified this rule …

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_CORN.A

http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE%5FPCHAUNT%2EA

http://www.trendmicro.com/vinfo/de/virusencyclo/default5.asp?VName=REG%5FZIKDOW%2EA

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=REG_ZIKDOW.A&VSect=T

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FBARGBUDDY%2EA

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DAEMONIZE.A&VSect=T

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALPHX.A&VSect=T

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML%5FALPHX%2EA&VSect=T

I remember this, the detection name was named after my sister – Minehaha.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_MINEH.A&VSect=T

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=IRC%5FMINEH%2EA&VSect=T

I can’t find my name anymore… TROJ_THEMS — Meths. Actually, the rule is if its new and nobody detects it, then the analyst can name it (of course, following the naming conventions and guidelines).

Speaking of malware naming conventions, this topic is currently a who lot confusion to the industry… few AVs follow CARO naming scheme while others have their own.

Another thing is ethical issue, usually everyone gives the credit of following the detection name if someone already created the detection for that malware (given the name is right – meaning it is readable and doesn’t have any conflicts to a person, company and etc..) but some AV doesn’t follow instead they create their own name (perhaps, for marketing and PR/media purposes).

Refer this recent list/update from AVTest.org:

2008-05-12 Cross Reference List of Virus Names
Each vendor of anti-virus software has a different naming convention and the same virus could have a completely different name in another company’s product. To provide a candle in the dark and diminish the current confusion we created a cross-reference list of all virus names (421 KB), based on the WildList 03/2008

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: