New Virus Update F-Secure

Posted by Meliton Capricho Villador



How to Read a Detection Name

On discovering an infection, an antivirus program will usually display the detection that identified the infection. Detections often contain a lot of information in their names, which can be helpful to the user.

As an example, let’s take the following detection name:

 
Worm:W32/Mabezat.B


We can break this detection down to the following components:

 

Type        Platform    Family      Variant
Worm        W32         Mabezat     B


The Type identifies the kind of threat the malware poses. In this example, the malware is a Worm, a type of program that can replicate independently across a network and cause damage to an infected computer. You can read more about the various types here.

The Platform is the operating system or application framework that the malware needs in order to run properly. In most cases, malware can run on only one specific platform. In this example, the worm is able to function on a computer that runs the Win32 Windows operating system. You can read about the various platforms malware can function on here.

The Family is the unique name given to a piece of malware, in this case Mabezat. The term family is used because once a unique piece of malware is created, the malware author (or other hackers) will often create newer, modified versions of it. These newer versions share the same characteristics as the parent program and they are all considered to be from one family.

The Variant identifies a specific version of the malware within the family. In this example, the B variant is a variation of the original Worm:W32/Mabezat malware. Variants are usually arranged in chronological order, incrementing each time a new variant appears.
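The breakdown above can be applied mechanically when triaging scan logs. The following is an added example, not code from F-Secure or from the original post: it parses the Type:Platform/Family.Variant layout and groups the variants seen per family. The log format (detection name as the last whitespace-separated field), the allowed character sets, the variant ordering and every sample name other than Worm:W32/Mabezat.B are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

class Detection(NamedTuple):
    type: str
    platform: str
    family: str
    variant: Optional[str]  # None when the name carries no variant suffix

# Type:Platform/Family.Variant, as laid out on this page. The allowed
# character sets are an assumption; anything else is rejected, not guessed.
_NAME = re.compile(
    r"(?P<type>[A-Za-z-]+):(?P<platform>[A-Za-z0-9]+)"
    r"/(?P<family>[A-Za-z0-9_-]+)(?:\.(?P<variant>[A-Za-z0-9]+))?"
)

def parse_detection(name: str) -> Optional[Detection]:
    """Split a detection name into its components, or return None."""
    m = _NAME.fullmatch(name.strip())
    return Detection(**m.groupdict()) if m else None

def variants_by_family(log_lines):
    """Map (platform, family) -> variants seen, in increment order."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        det = parse_detection(fields[-1]) if fields else None
        if det and det.variant:
            seen[(det.platform, det.family)].add(det.variant.upper())
    # Assumed ordering: A..Z, then AA, AB, ... (shorter labels first).
    return {k: sorted(v, key=lambda s: (len(s), s)) for k, v in seen.items()}

# Constructed scan-log lines; only Worm:W32/Mabezat.B comes from the page.
SAMPLE_LOG = [
    "host-01 C:/Users/a/doc.exe Worm:W32/Mabezat.B",
    "host-02 C:/Temp/x.scr Worm:W32/Mabezat.AA",
    "host-02 C:/Temp/y.scr Worm:W32/Mabezat.C",
    "host-03 D:/setup.exe Trojan:W32/ExampleFam.A",
    "host-04 scan finished, nothing found",
]

if __name__ == "__main__":
    print(parse_detection("Worm:W32/Mabezat.B"))
    for key, variants in variants_by_family(SAMPLE_LOG).items():
        print(key, variants)
```

Grouping on platform and family rather than the full name keeps all variants of one family together, which is the view needed to tell whether several hosts are hit by the same family.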

