Current status of the CARO malware naming scheme

Dr Vesselin Bontchev FRISK Software International

The CARO malware naming scheme was created almost 15 years ago. To this date, it remains the naming scheme that is the most widely used in anti-virus products – despite being criticized from left and right and despite the fact that no product has absolute compliance with it. One of the often-heard criticisms is that detailed documentation of the up-to-date status of the scheme is difficult to find and that this hampers the scheme’s popularity. This paper attempts to solve this problem. It documents the CARO malware-naming scheme completely, including the recently introduced changes. It will be made freely available on the web and will be continuously updated as new changes are introduced. Its purpose is to serve as an easily and publicly accessible documentation of the latest state of the CARO Malware Naming Scheme.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Virus Bulletin
In this month's magazine:
  • Living the meme
  • If Svar is the answer...
  • Static analysis of mobile malware
  • And the devil is six: the security consequences of the switch to IPv6
  • Behind enemy lines: reporting from the CCC 28C3 Congress
Virus Bulletin 02 2012
Subscribe now!

Virus Bulletin currently has 224,245 registered users.